Merge encrypts all data at rest and in-transit!

All our data is stored in AWS, and is encrypted using the AES-256 encryption algorithm. Data is not allowed to be stored on external media, and production data is never moved out of production environments. Additionally, employees are only granted permission to view customer data upon customer request.

In regards to the location of AWS data is stored, EU data will only be stored in the EU in Stockholm. Single-Tenant Environments are also available for purchase for your signed annual plan for the additional level of security you may want.

Customer credentials are encrypted as-rest and in-transit. We utilize two separate layers of encryption, one at the storage layer, and another at the application layer, to ensure that credentials are secured.

You can see here we are listed as a sub-processor for Drata, one of our customers who is a market leader in the data security and compliance space. Drata is trusted by large organizations to help them achieve and maintain security certifications including; SOC 2, ISO 27001, PCI DSS & HIPAA.

Merge does not currently offer on-prem. We do offer a single-tenant environment, where your data is hosted in an AWS region of your choice. You receive your own servers and databases, and though Merge manages it, your data is fully separated from that of other Merge customers.