Last Revision Date: Feb 21, 2023
We use advanced encryption technologies to keep your data and information safe in transit (using HTTPS with a RSA 2048 bit key and a signature algorithm of SHA256 with RSA) and at rest (data is encrypted using AES-256 encryption algorithm).
We use Moov as a payment processor. We never store full credit card numbers or banking credentials anywhere on our platform - only tokens we securely send to Moov.
When collecting card numbers via our APIs, the data is encrypted in transfer and never stored on our servers or databases.
Our payment processing partner, Moov, has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry.
We might also use Plaid to collect your banking information. Plaid uses TLS for all information exchanges between the Plaid API, financial institutions, and us. They also encrypt sensitive data-at-rest whenever they store it using AES 256 encryption at object and volume levels.
If you have any questions or would like to report a problem you might have discovered, please reach out to security@mercoa.com