Security at MergeYard
We build security into everything we do. Your data protection is our top priority.
Infrastructure Security
- All data is encrypted in transit using TLS 1.2+ and at rest using AES-256
- Infrastructure hosted on enterprise-grade cloud platforms with SOC 2 compliance
- Network isolation and firewall rules restrict access to production systems
- Regular security patches and automated vulnerability scanning
Application Security
- Secure authentication with industry-standard protocols
- Role-based access control for all platform features
- Input validation and output encoding to prevent injection attacks
- Regular penetration testing and code security reviews
- Security headers enforced on all web traffic (HSTS, CSP, X-Frame-Options)
Data Protection
- Customer data is logically isolated between organizations
- Minimal data collection — we only store what is necessary for the service
- Data retention policies aligned with customer requirements
- Secure data deletion upon account termination
Operational Security
- All access to production systems requires multi-factor authentication
- Comprehensive audit logging of administrative actions
- Incident response procedures with defined escalation paths
- Employee security training and background checks
Availability
- 99.9% uptime target with redundant infrastructure
- Automated health monitoring and alerting
- Disaster recovery procedures with regular testing
- Transparent status communication during incidents
Security Questions?
If you have questions about our security practices or need to report a security vulnerability, please contact us.