Security & Trust

The Foundation of Our Commitment to Customers

As a trusted leader in the digital lending space, security is in our DNA. We maintain a robust information security program to ensure the ongoing protection of our applications, networks, and systems. We take the security of the data entrusted to us by our customers very seriously, as well as the continued availability of our platforms.”

Kevin Patel, Chief Information Security Officer, MeridianLink

Secure by Design

Security isn’t just a feature of MeridianLink® technology—it’s an essential building block. Our dedicated security team employs industry-accepted best practices and frameworks to ensure that our systems and your data remain protected. Learn more about our security architecture and practices focused on governance, risk management, and compliance.

Compliance & Privacy

We maintain a comprehensive security program designed to protect the confidentiality, integrity, and availability of customer data. This includes an annual SOC 2 Type II audit and PCI DSS audit. Read our Privacy Policy to learn more about how we secure data.

Scalability & Reliability

MeridianLink infrastructure takes advantage of the latest technologies to ensure our products are reliable and can scale with our customers’ organizations. We maintain a strict maintenance cycle during non-peak hours to ensure consistent, stable delivery. Please visit the MeridianLink Status page for real-time updates and consider subscribing to receive proactive notifications.

Annual Security Audits

AICPA SOC 2 Type II

Our annual SOC 2 Type II audit affirms that our internal controls effectively safeguard customer data.

PCI DSS

We maintain PCI DSS compliance, adhering to policies and procedures that protect credit, debit, and cash card transactions.

Security & Trust FAQ

Yes. MeridianLink has an information security program headed by the chief information security officer (CISO). The MeridianLink Information Security team is charged with maintaining the program and securing MeridianLink.

Yes. Our information security program is based on the NIST Cybersecurity Framework and ISO 27001.

Log in to the Support portal to access a self-service download of the most recent documentation.

Yes. MeridianLink utilizes co-location data centers and public cloud providers to host MeridianLink servers.

Yes. MeridianLink participates in annual SOC 2 Type II and PCI DSS audits.

Yes. Our security and compliance efforts are guided and monitored by our CISO and Security team, which includes security analysts, engineers, GRC analysts, and architects.

MeridianLink uses the following methods to encrypt customer data:

  • Data at rest is encrypted using AES-256.
  • Data in transit across open networks is encrypted using TLS 1.3 (at minimum TLS 1.2).
  • User passwords are salted and hashed.

MeridianLink leverages a hybrid infrastructure environment. Our products are hosted in
on-premises data centers as well as on Microsoft Azure and Amazon Web Services (AWS) infrastructure across multiple availability zones, with a disaster recovery (DR) site established in a different region. These data centers employ leading physical and environmental security measures, resulting in highly resilient infrastructure.

Reporting a Security Vulnerability

We maintain a private bug bounty program with a leading provider of crowdsourced ethical hackers. If you find a security vulnerability in any of our products, please submit a report. If you have a security issue or question, please contact us at security@meridianlink.com.