Is OG Marka SOC 2 certified?

OG Marka does not claim its own SOC 2 certification. The company uses modern cloud vendors and security controls, and vendor compliance should be discussed separately during implementation.

Who owns client data?

Client operating data, CRM records, leads, workflows, and implementation assets belong to the client. OG Marka designs systems for operational handover and ongoing support.

What is reviewed before implementation?

OG Marka reviews current tools, data sources, API approvals, access roles, workflow scope, escalation paths, handover needs, and security assumptions before production implementation.

Trust & Security

Security expectations for serious operating systems.

OG Marka builds CRM, WhatsApp Commerce, ERP, AI automation, and web infrastructure for teams that rely on clean data and controlled access. This page clarifies how we think about trust before implementation begins.

Client-owned operating data

CRM records, lead data, workflows, and implementation assets are treated as client business infrastructure. Handover documentation is part of delivery.

Least-privilege access

Project access is scoped to the work being delivered. Admin credentials, API keys, and platform roles should be reviewed during onboarding and offboarding.

Vendor compliance clarity

OG Marka uses modern cloud vendors and security features, but vendor compliance is not the same as OG Marka holding its own SOC 2 certification.

Baseline controls

HTTPS/TLS for web traffic and API communication.
Role-based access patterns for dashboards and internal tools.
Row-level security patterns where Supabase-backed client data is used.
Environment variable separation for secrets and deployment configuration.
Rate limiting on public lead-capture and feedback endpoints.
Documented handover for implementation assets, workflows, and critical accounts.

Deployment architecture clarity

Channels

Website forms, WhatsApp, ads, chat, and commerce entry points are mapped before automation is added.

Workflow layer

CRM stages, routing rules, AI-agent tasks, escalation paths, and reporting ownership are documented by workflow.

Data systems

CRM, payment, ERP, inventory, analytics, and storage systems are assigned a system-of-record role where applicable.

Handover

Client owners receive access notes, operating checks, training context, and offboarding expectations for critical systems.

Implementation review points

Before a production build goes live, the scope should identify data sources, WhatsApp/API approvals, payment and ERP integrations, dashboard roles, backup ownership, escalation contacts, and offboarding steps.

Inventory current tools, data owners, API approvals, and access roles.
Define workflow scope, success metrics, security assumptions, and escalation paths.
Build in stages with test data, access review, and implementation notes.
Launch with training, handover documentation, monitoring expectations, and review cadence.

For regulated or higher-risk deployments, OG Marka should document a client-specific data flow, access matrix, and vendor list before implementation.

Request Security Review Run Infrastructure Diagnostic