Trusted by
Thousands of Developers

Mergify would not exist without the trust of its users, and we take it seriously. That's why we apply security best practices for all of our processes.
Access our Trust Report

Secure at Every Level

We constantly improve our security, audit, and compliance, exceed in the standard on any occasion.


Mergify is GDPR compliant We provide our users control over the data they share and relies on Standard Contractual Clauses (SCCs) and extends them to all of our customers.

Data Privacy

Mergify provides a high standard of privacy protection to all developers and customers.We do this through significant investments in platform security, incident response, and anti-abuse.


Mergify offers AICPA System and Organization Controls (SOC) SOC 2 Type 2 reports. Ask access your customer representative to access them.

Safe and Secure by Design

Security is at the core of everything we do. The last thing we want is for you to worry about the security of your data. That’s our job.


Security is a shared responsibilities. Mergify provides support to its customers' security and risk teams. We partner with procurement teams to provide information needed to determine risks and understand our compliance and security posture.

Secure Products

We invest in secure software design practices. We embed security expertise and capabilities into every phase of our Software Development Lifecycle. Through developer training, the creation of components that form a secure foundation to build on, automated code analysis, in-depth threat modeling, and security code review and testing, we prevent vulnerabilities as early as possible in the development lifecycle.

Bug Bounty

Mergify runs a bug bounty program where security researcher can report any vulnerability they find. While the program is currently private, you can request an invitation to report any security issue you discovered.

HackerOne Bug Bounty

Mergify hosts a Public Bug Bounty Program with HackerOne.

Join the Program

If you're an independent security expert or researcher and you'd like to put Mergify to the test, or you think you've discovered a security issue on our platform, join our public Bug Bounty Program with HackerOne.
To do so, follow the link below.
Join our Bug Bounty Program