Trusted by thousands of developers

Mergify would not exist without the trust of its users, and we take it seriously. That's why we apply security best practices for all of our processes.

Secure at every level

We constantly improve our security, audit, and compliance, exceeding the standard on every occasion.

GDPR

Mergify is GDPR compliant. We provide our users control over the data they share, rely on Standard Contractual Clauses (SCCs), and extend them to all of our customers.

Data privacy

Mergify provides a high standard of privacy protection to all developers and customers.
We do this through significant investments in platform security, incident response, and anti-abuse.

SOC 2

Mergify offers AICPA System and Organization Controls (SOC) SOC 2 Type 2 reports. Ask your customer representative to access them.

Safe and secure by design

Security is at the core of everything we do. The last thing we want is for you to worry about the security of your data. That’s our job.

Customers

Security is a shared responsibility. Mergify provides support to its customers' security and risk teams. We partner with procurement teams to provide information needed to determine risks and understand our compliance and security posture.

Secure Products

We invest in secure software design practices. We embed security expertise and capabilities into every phase of our Software Development Lifecycle. Through developer training, the creation of components that form a secure foundation to build on, automated code analysis, in-depth threat modeling, and security code review and testing, we prevent vulnerabilities as early as possible in the development lifecycle.

Bug Bounty

Mergify runs a bug bounty program where security researchers can report any vulnerability they find.

While the program is currently private, you can request an invitation to report any security issue you discovered.

Got security questions?

Get in touch with our Security Team

Bug Bounty

Mergify hosts its private Bug Bounty program with HackerOne. If you’re an independent security expert or researcher and believe you’ve discovered a security-related issue on our platform, we appreciate you disclosing the issue to us responsibly, and thank you for your time and expertise.

If you want to participate in our private Bug Bounty Program, send us an email at security@mergify.com with your HackerOne username or the email you want an invitation for.