Security Policy

Last Revision Date: Feb 21, 2023

General

We use advanced encryption technologies to keep your data and information safe in transit (using HTTPS with a RSA 2048 bit key and a signature algorithm of SHA256 with RSA) and at rest (data is encrypted using AES-256 encryption algorithm).

Your Payment Information

We use Moov as a payment processor. We never store full credit card numbers or banking credentials anywhere on our platform - only tokens we securely send to Moov.

When collecting card numbers via our APIs, the data is encrypted in transfer and never stored on our servers or databases.

Our payment processing partner, Moov, has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry.

We might also use Plaid to collect your banking information. Plaid uses TLS for all information exchanges between the Plaid API, financial institutions, and us. They also encrypt sensitive data-at-rest whenever they store it using AES 256 encryption at object and volume levels.

Questions and disclosures

If you have any questions or would like to report a problem you might have discovered, please reach out to security@mercoa.com