Security and Privacy at Mercu

Trust and confidentiality are core tenets to our approach towards our data and development.

We uphold at all times procedures and processes to maintain the integrity of internal and customer data, as well as secure development policies to create performant and reliable world-class products.

Mercu is in the process of attaining our SOC II Type 2 certification. We estimate to have obtained our certification by the end of October 2023.

In the meantime, please reach out to for additional documentation around Mercu’s vendor security and data compliance information.
Mercu’s platform and all storage and computing capabilities are built on secure, industry-leading Amazon Web Services (AWS) Cloud infrastructure, which includes 24/7 on-site physical security and camera surveillance. For additional details regarding AWS security, visit

Data submitted to Mercu by authorised users are considered confidential. All data processed to and from Mercu infrastructure are encrypted with TLS v1.2. All data is encrypted at rest using industry-standard AES-256 encryption algorithms.

Our infrastructure is continually monitored for security vulnerabilities and updates applied automatically.
The following policies and procedures are followed and enforced at Mercu:
These policies are followed by all Mercu employees and contractors, who review and accept the policies at the commencement of their employment with Mercu.
Mercu uses a number of third-party applications and services to support the delivery of our products to customers and users. Mercu’s security team has established a vendor management program that sets forth the requirements for Mercu to engage with third-party service providers.
Mercu requires all employees and contractors to sign a confidentiality agreement prior to their commencement of employment. As part of Mercu’s onboarding process, all new joiners are required to complete a security awareness training program.
Access to customer data and personally identifiable information (PII) is limited to functions that have a business requirement to do so.

All employees are required to encrypt their hard drives, and all servers and databases are inside of AWS VPC with access controls following the principle of least privilege. All employee access to systems are logged and audited for security purposes.

Access to customer data requires authentication and authorization controls, including Multi-Factor Authentication (MFA). Mercu has implemented controls to ensure the integrity and confidentiality of administrative credentials and access mechanisms.

We also maintain separate development, testing and production environments.

Time-consuming manual communication is out. Your deskless workforce needs better.

The answer is Mercu. See perfect employee engagement in action, today.
Zero cognitive overload, way lower burnout.
Get started in just a few hours.
Totally flexible to match your expanding needs.