Compliance

Market Fortress was designed from inception against the SOC 2 Trust Services Criteria. Our infrastructure includes immutable audit logging, role-based access control, encryption at rest and in transit, change management, incident response, and vendor risk management procedures aligned with the Type II framework.

For customers and end users in the European Economic Area, we act as a Data Processor with respect to Customer Data. Standard Contractual Clauses are available on request. Submit data-subject requests to privacy@marketfortress.app.

California residents have rights under the California Consumer Privacy Act and the California Privacy Rights Act. We do not sell or share personal information for cross-context behavioral advertising. Exercise your rights at privacy@marketfortress.app.

The Service is designed to support, not replace, our customers' obligations under the Securities Act, Exchange Act, and FINRA rules. We maintain extensive audit trails to support customers under regulatory inquiry.

We do not process payment card data directly. Subscription billing is handled by a PCI-DSS-compliant payment processor.

A current list of subprocessors is maintained in our Data Processing Addendum. Customers may subscribe to changes by emailing privacy@marketfortress.app.

For SOC 2, vendor risk, or other audit needs, contact compliance@marketfortress.app. Our standard response includes a security questionnaire response, attestation letter, and architecture diagrams under NDA.