Protecting your data is core to everything we build. Here's how we keep your account, your audiences, and your campaigns safe.
All data is encrypted in transit with TLS 1.2+ and at rest with AES-256.
Aligned with SOC 2 Type II controls and GDPR data-protection requirements.
Continuous monitoring, logging, and automated alerting across our infrastructure.
Merko runs on enterprise-grade cloud infrastructure with physical and network security managed by leading providers. Our environments are isolated, hardened, and deployed across multiple availability zones for high availability.
We follow the principle of least privilege. Access to production systems is restricted, logged, and reviewed regularly. Internal access requires multi-factor authentication and is granted only to personnel who need it to perform their roles.
Customer authentication is backed by industry-standard protocols. Our MCP server uses OAuth 2.0 with PKCE, and we support secure token handling so AI clients can connect without sharing long-lived credentials. See the documentation for details.
Need a copy of our security documentation or a DPA? Email security@merko.ai and our team will help.
We perform automated, encrypted backups and routinely test our recovery procedures. Our architecture is designed for redundancy so a single point of failure does not interrupt your service.
We welcome reports from security researchers. If you believe you've found a vulnerability, please report it to security@merko.ai. We ask that you give us reasonable time to investigate and remediate before any public disclosure.
For any security-related questions, reach our team at security@merko.ai or via our contact page.