LEGAL INFORMATION

Security Policy

Our commitment to security, responsible disclosure, and protecting your data.

Last updated: July 2026

01 SECURE BY DESIGN

  • SECURITY-FIRST ENGINEERING
  • ZERO-TRUST ARCHITECTURE
  • CONTINUOUS MONITORING
  • RAPID INCIDENT RESPONSE

02 ENCRYPTION

  • TLS 1.3 IN TRANSIT
  • AES-256 AT REST
  • PGP AVAILABLE
  • SECURE CHANNELS

03 REPORT ISSUES

  • SECURITY: security@marner.ee
  • GENERAL: contact@marner.ee

Responsible Disclosure

We take the security of our systems and client data seriously. If you believe you have discovered a security vulnerability in our systems, we encourage you to report it to us responsibly.

When reporting a vulnerability, please include:

  • A description of the vulnerability and its potential impact
  • Detailed steps to reproduce the issue
  • Any proof-of-concept code or screenshots
  • Your contact information for follow-up

Our Commitment

When you report a security issue to us, we commit to:

  • Acknowledge receipt of your report within 48 hours
  • Provide an initial assessment within 5 business days
  • Keep you informed of our progress toward resolution
  • Credit you (if desired) when we publicly disclose the issue
  • Not pursue legal action against researchers acting in good faith

Scope

The following systems are in scope for security research:

  • marner.ee and all subdomains
  • Public-facing web applications
  • APIs accessible without authentication

The following are out of scope:

  • Physical security attacks
  • Social engineering attacks on employees
  • Denial of service attacks
  • Third-party services and applications
  • Client systems and environments

Security Practices

Our security programme includes:

  • Code Review: All code changes undergo mandatory security review
  • Penetration Testing: Regular third-party security assessments
  • Vulnerability Scanning: Automated scanning of infrastructure
  • Access Control: Principle of least privilege across all systems
  • Incident Response: Documented procedures for security incidents
  • Employee Training: Regular security awareness training

Compliance

We maintain compliance with applicable security standards and regulations, including GDPR requirements for data protection. Our security practices are aligned with industry frameworks and best practices.

For specific compliance inquiries or security documentation requests, please contact us at security@marner.ee.

Secure Communication

For sensitive communications, we support encrypted channels. Our PGP public key is available for those who need to send encrypted messages.

All data in transit is encrypted using TLS 1.3. For classified or sensitive discussions, we can establish secure communication channels upon request.