marketermcp Join beta

Security

Last updated: February 2026

Authentication

All tool execution endpoints require Bearer token authentication. Tokens are generated per account and can be rotated at any time. Discovery endpoints can be configured as public or restricted by environment policy.

Data handling

  • Tool inputs (budget data, spend figures, campaign metadata) are processed in memory and not persisted after the response is returned.
  • No tool input data is used for model training or shared with third parties.
  • All traffic is encrypted in transit via TLS 1.3.

Infrastructure

  • Hosted on Cloudflare Workers with edge-level DDoS protection.
  • Request payloads are validated against schemas before tool execution.
  • Rate limits are enforced per token to prevent abuse.
  • Namespaced tool execution prevents cross-tenant data access.

Observability

  • Structured logs with unique request IDs for every API call.
  • Latency tracking and error rate monitoring with alerting.
  • Incident-ready runbooks with defined response timelines.

Responsible disclosure

If you discover a security vulnerability, please report it to [email protected]. We acknowledge reports within 48 hours and aim to resolve confirmed vulnerabilities within 14 days. We do not pursue legal action against good-faith security researchers.

Incident response

In the event of a security incident affecting user data, we will notify affected users within 72 hours with a description of the incident, the data involved, and remediation steps taken.

Back to home