Introduction
Data security is a top priority at Merge, and we know it is for you as well! Scopes provide precise control over data, ensuring that only relevant Common Models and fields are synced through Merge.
Below, you’ll find features and endpoints related to two levels of Scopes:
Default Scopes apply to all new Linked Accounts within a given category.
Linked Account Scopes apply only to a specific end user (Linked Account).
The Scopes applied to a Linked Account are determined first by the Linked Account Scopes, with Default Scopes serving as a fallback for any that haven’t been set.
How do Scopes work?
Checking Scopes
You can check the Scopes tab in your Merge Dashboard to see the various access levels per Common Model and field.
Adjusting Scopes
If you want to adjust the Scopes for a model, first switch the blue toggle on the top right from "Viewing" to "Editing".
Pricing: All Merge users will have access to Common Model Scopes.
Only Professional & Enterprise plan users will be able to adjust field-level Scopes.
Disabling Scopes
Fully disabling a Common Model Scope will also disable all its associated fields. Disabled Scopes mean that Merge will no longer store any data for those models and fields. However, depending on the integration's configuration, we may still need to make requests to fetch that data. For example, if an integration returns data for multiple Common Models through a single endpoint, we will need to call that endpoint if another corresponding Common Model remains enabled.
We have an additional feature, "Redact Unmapped Data," available for enhanced data minimization. You can learn more about it here.
Enabling Scopes
By default, Merge only syncs data that has changed since the last sync. However, when you enable a new scope, Merge will notify you that a full sync will occur. This means that after modifying the scopes, a more comprehensive sync will take place. During this sync, Merge will fetch all items from your linked accounts, regardless of the date of the last change. This process ensures that previously disabled fields for all items are populated. Depending on the amount of data being synchronized and the rate limits set by our integration partners, this sync may take longer than a regular sync. You can continue to work with your account data while the sync is in progress, but the newly added data will not be available for all items until the sync is complete.
Auto-disabled Scopes
Models or fields that are not actively used will be automatically disabled after 90 days of inactivity, that is, 90 days in which no API requests have been made to the respective model or field.
Linked Account Scopes
Default scopes for an organization can be overridden per Linked Account in our Dashboard under each Linked Account, or via API.
New Linked Accounts will follow the default Scopes set per category unless you explicitly override those preferences on a per-Linked-Account basis. Once you override a Linked Account's Scopes, they will stay fixed unless you "reset to org default".
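The precedence rules above (Linked Account Scopes first, Default Scopes as the fallback, and a disabled Common Model disabling all of its fields) can be modelled locally to audit which fields an account ends up storing. This is an added example, not Merge's code or API schema; the dict layout, function names and sample model/field names are assumptions made for illustration.

```python
"""Effective-scope resolution as described on this page (added example).

The dict layout is an assumption for illustration, not Merge's API schema:
    {model: {"enabled": bool, "fields": {field_name: bool}}}
A key missing from the Linked Account override means "not set".
"""


def effective_scopes(defaults, overrides):
    """Linked Account Scopes win; Default Scopes fill in anything unset."""
    resolved = {}
    for model, default in defaults.items():
        override = overrides.get(model, {})
        model_on = override.get("enabled", default["enabled"])
        field_overrides = override.get("fields", {})
        fields = {}
        for name, default_on in default["fields"].items():
            field_on = field_overrides.get(name, default_on)
            # Disabling a Common Model also disables all of its fields.
            fields[name] = model_on and field_on
        resolved[model] = {"enabled": model_on, "fields": fields}
    return resolved


def widened_fields(defaults, overrides):
    """Fields an account stores that the org default would not: review these."""
    base = effective_scopes(defaults, {})  # same as "reset to org default"
    actual = effective_scopes(defaults, overrides)
    return sorted(
        f"{model}.{name}"
        for model, scope in actual.items()
        for name, on in scope["fields"].items()
        if on and not base[model]["fields"][name]
    )


# Constructed sample data; model and field names are placeholders.
DEFAULTS = {
    "Employee": {"enabled": True, "fields": {"first_name": True, "ssn": False}},
    "BankInfo": {"enabled": False, "fields": {"account_number": True}},
}
ACCOUNT_OVERRIDES = {"Employee": {"fields": {"ssn": True}}}

if __name__ == "__main__":
    print(effective_scopes(DEFAULTS, ACCOUNT_OVERRIDES))
    print(widened_fields(DEFAULTS, ACCOUNT_OVERRIDES))
```

Running `widened_fields` across all per-account overrides gives a short review list of accounts whose data collection is broader than the organization default.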
Enterprise plan features
The following Scopes features, Scopes via API and User Configurable Scopes, are only available on an Enterprise plan.
User Configurable Scopes
To give your users control over their Scopes during the linking flow, simply mark the model or field as optional in the Dashboard. Models and fields marked as optional will be enabled by default but can be disabled by your users before connecting.
Scopes via API
You can configure scopes programmatically using our API. You can set up scopes for a specific user before or after they link. For more information, please refer to our API documentation.
Before linking: POST /link-token
After linking: POST /linked-account-scopes