Security overview

MARPT is designed for immigration decision tooling. We treat data handling and system integrity as first-order concerns. This page summarizes our security posture in plain language.

Important: This overview describes our intent and operating practices. Specific controls can vary by environment and deployment.

Data handling principles

Minimization

We aim to collect only what is needed to provide the service and improve reliability.

Access control

Internal access is limited to operational needs. Privileged access is restricted.

Retention

We aim to retain data only as long as necessary for service operation and support.

Security controls (high-level)

The controls below are described at a high level to avoid creating unnecessary attack detail. Specific implementations may change as the product evolves.

Transport protection: Pages and APIs are intended to be served over HTTPS.
Separation of concerns: Product logic, content sources, and user interface are separated to reduce blast radius.
Least-privilege: Services and operational accounts are intended to use only the permissions they require.
Monitoring: We aim to monitor errors and abnormal behavior to detect issues early.
Vendor surface: Where third-party services are used (e.g., payments), we rely on their standard security controls and limit shared data.

For law firms: If you need a short security summary for internal review, contact support and we can provide a concise statement aligned to your deployment.

AI and sensitive information

MARPT uses AI as a constrained component inside a decision system. We encourage users to avoid entering unnecessary sensitive personal information. Provide only what is required to evaluate visa pathways and requirements.

When explanations are generated, they are designed to reflect structured logic and official sources rather than speculative language.