Security and Privacy

At Mercu, we treat security and privacy as a mindset, not a checklist.

We uphold at all times procedures and processes to maintain the integrity of internal and customer data, as well as secure development policies to create performant and reliable world-class products.

For more details, please email security@mercu.com.

At Mercu, we treat security and privacy as a mindset, not a checklist!

Mercu is a SOC II Type 2 certified organisation - this means that our services, systems and practices is at the level of, and above the industry standard.

For a copy of our SOC II report, please reach out to support@mercu.com or speak to one of our founders.

As of November 2023, Mercu is SOC 2 Type 2 certified.

For a copy of both our SOC 2 Type 2 report and our latest grey-box pen-test, please reach out to security@mercu.com.
Mercu’s platform and all storage and computing capabilities are built on secure, industry-leading Amazon Web Services (AWS) Cloud infrastructure, which includes 24/7 on-site physical security and camera surveillance. For additional details regarding AWS security, visit https://aws.amazon.com/security/.

Data submitted to Mercu by authorised users are considered confidential. All data processed to and from Mercu infrastructure are encrypted with TLS v1.2. All data is encrypted at rest using industry-standard AES-256 encryption algorithms.

Our infrastructure is continually monitored for security vulnerabilities and updates applied automatically.

Mercu’s platform and all storage and computing capabilities are built on secure, industry-leading Amazon Web Services (AWS) Cloud infrastructure, which includes 24/7 on-site physical security and camera surveillance. For additional details regarding AWS security, visit https://aws.amazon.com/security/.

Data submitted to Mercu by authorised users are considered confidential. All data processed to and from Mercu infrastructure are encrypted with TLS v1.2. All data is encrypted at rest using industry-standard AES-256 encryption algorithms.

Our infrastructure is continually monitored for security vulnerabilities and updates applied automatically.

The following policies and procedures are followed and enforced at Mercu:

  • Access Control Policy
  • Asset Management Policy
  • Business Continuity and Disaster Recovery Plan
  • Code of Conduct
  • Cryptography Policy
  • Data Management Policy
  • Human Resource Security Policy
  • Incident Response Plan
  • Information Security Policy
  • Information Security Roles and Responsibilities
  • Operations Security Policy
  • Physical Security Policy
  • Risk Management Policy
  • Secure Development Policy
  • Third-Party Management Policy

These policies are followed by all Mercu employees and contractors, who review and accept the policies at the commencement of their employment with Mercu.

For a copy of these policies, please reach our to support@mercu.com.

The following policies and procedures are followed and enforced at Mercu:
These policies are followed by all Mercu employees and contractors, who review and accept the policies at the commencement of their employment with Mercu.

Mercu uses a number of third-party applications and services to support the delivery of our products to customers and users. Mercu’s security team has established a vendor management program that sets forth the requirements for Mercu to engage with third-party service providers.

Mercu uses a number of third-party applications and services to support the delivery of our products to customers and users. Mercu’s security team has established a vendor management program that sets forth the requirements for Mercu to engage with third-party service providers.

Mercu requires all employees and contractors to sign a confidentiality agreement prior to their commencement of employment.

As part of Mercu’s onboarding process, all new joiners are required to complete a security awareness training program.

Mercu requires all employees and contractors to sign a confidentiality agreement prior to their commencement of employment. As part of Mercu’s onboarding process, all new joiners are required to complete a security awareness training program.

Access to customer data and personally identifiable information (PII) is limited to functions that have a business requirement to do so.

All employees are required to encrypt their hard drives, and all servers and databases are inside of AWS VPC with access controls following the principle of least privilege. All employee access to systems are logged and audited for security purposes.

Access to customer data requires authentication and authorization controls, including Multi-Factor Authentication (MFA). Mercu has implemented controls to ensure the integrity and confidentiality of administrative credentials and access mechanisms.

We also maintain separate development, testing and production environments.

Access to customer data and personally identifiable information (PII) is limited to functions that have a business requirement to do so.

All employees are required to encrypt their hard drives, and all servers and databases are inside of AWS VPC with access controls following the principle of least privilege. All employee access to systems are logged and audited for security purposes.

Access to customer data requires authentication and authorization controls, including Multi-Factor Authentication (MFA). Mercu has implemented controls to ensure the integrity and confidentiality of administrative credentials and access mechanisms.

We also maintain separate development, testing and production environments.

Time-consuming manual communication is out. Your deskless workforce needs better.

The answer is Mercu. See perfect employee engagement in action, today.
Streamline comms and training workflows with AI.
Automate the delivery of onboarding and training.
Gain actionable insights with real-time analytics.
Ensure accessibility and quick adoption via chat-based delivery.
Increase productivity and reduce errors with AI.