SECURITY AND PRIVACY

1.  SECURITY AND PRIVACY
Security
Meras is designed from the ground up to safeguard your customer data in accordance with the industry’s highest standards of security and privacy.

2. CYBER SECURED
Data security at the highest level of industry standards.
Uptime
Fault-tolerant infrastructure ensures availability even during extreme demand.
‍
3. Data Centers
All data is secured in GCP - Amazon Web Services (AWS) datacenters with enterprise-grade physical and network security. Data can be stored in our EU- US-, and/or Asia-based regions, and we offer add-on single tenant hosting in any GCP & AWS region of choice.

4. Encryption
Data is encrypted at rest and in transit, and PII is protected with an additional layer of application encryption.

5. Defense in Depth
Meras maintains separate networks for webservers and databases, detects and logs access to systems, and grants unique credentials for each employee and tool.

6. Shift Left
Our developers are proactive when it comes to security and use both DAST and SAST security scanning tools.

7. Penetration Testing
Our security team conducts penetration testing every year and an automated scan on a weekly basis.

8. DATA SECURITY
SOC 2 Type II, ISO 27001, HIPAA, and GDPR
Meras adheres to industry-standard compliance frameworks, including SOC 2 Type II, ISO 27001, HIPAA, GDPR, and CCPA.
This ensures that our internal controls and processes meet and exceed requirements in securing customer data and the availability of our product infrastructure.

9. ACTIVE DEFENSE
Bug Bounty and Vulnerability DisclosureMeras maintains a vulnerability disclosure program on approved asset scopes.


You can contact us for more information or report vulnerabilities to security@meras.dev.



By submitting a security bug or vulnerability to Meras, you acknowledge that you agree to all VDP policies and may not disclose publicly or to any third-parties the findings of any security research without Meras's prior written approval.

‍Last Updated: February 2024