Mergify would not exist without the trust of its users, and we take it seriously. That's why we apply security best practices for all of our processes.
We constantly improve our security, audit, and compliance, exceed in the standard on any occasion.
Mergify is GDPR compliant We provide our users control over the data they share and relies on Standard Contractual Clauses (SCCs) and extends them to all of our customers.
Mergify provides a high standard of privacy protection to all developers and customers.
We do this through significant investments in platform security, incident response, and anti-abuse.
Mergify offers AICPA System and Organization Controls (SOC) SOC 2 Type 2 reports. Ask access your customer representative to access them.
Security is at the core of everything we do. The last thing we want is for you to worry about the security of your data. That’s our job.
Security is a shared responsibilities. Mergify provides support to its customers' security and risk teams. We partner with procurement teams to provide information needed to determine risks and understand our compliance and security posture.
We invest in secure software design practices. We embed security expertise and capabilities into every phase of our Software Development Lifecycle. Through developer training, the creation of components that form a secure foundation to build on, automated code analysis, in-depth threat modeling, and security code review and testing, we prevent vulnerabilities as early as possible in the development lifecycle.
Mergify hosts its private Bug Bounty program with HackerOne. If you’re an independent security expert or researcher and believe you’ve discovered a security-related issue on our platform, we appreciate you disclosing the issue to us responsibly, and thank you for your time and expertise.
If you want to participate in our private Bug Bounty Program, send us an email at email@example.com with your HackerOne username or the email you want an invitation for.