Security by Design

Our dedicated security team leverages industry-accepted best practices and frameworks to secure our systems and your data. Learn more about our security architecture and practices focused on governance, risk management, and compliance.

Learn More


Compliance & Privacy

We maintain a comprehensive security program designed to protect the confidentiality, integrity, and availability of client data. This includes an annual SOC 2 Type 2 audit and PCI DSS audit. Read our Privacy Policy to learn more about how we secure data.

Read Policy

Scalability & Reliability

Our infrastructure takes advantage of the latest technologies to ensure our products are reliable and scale with our customers’ businesses. We maintain a strict maintenance cycle during non-peak hours to ensure consistent, stable delivery. Please visit the MeridianLink Statuspage for real-time updates and consider subscribing to receive pro-active notifications.

View Statuspage


Annual Security Audits


AICPA SOC 2 Type 2

With our annual SOC 2 Type 2 audit, we affirm that our internal controls effectively safeguard customer data.



We maintain PCI DSS compliance, adhering to policies and procedures that protect credit, debit, and cash card transactions.

Security & Trust FAQ

Does MeridianLink have an information security program?
Yes. MeridianLink has an information security program headed by the Chief Information Security Officer (CISO). The MeridianLink Information Security Team is charged with maintaining the program and securing MeridianLink.
Is the program aligned to industry standards?
Yes. Our information security program is based on the NIST Cybersecurity Framework and ISO 27001.
How do I get a copy of MeridianLink’s due diligence documentation?
Log in to the support portal to access a self-service download of the most recent documentation.
Does MeridianLink rely on any third parties?

Yes. MeridianLink utilizes co-location data centers and public cloud providers to host MeridianLink servers.

Does MeridianLink undergo third-party audits?

Yes. MeridianLink participates in annual SOC 2 and PCI DSS audits.

Does MeridianLink have a dedicated Security team?
Yes. Our security and compliance efforts are guided and monitored by our CISO and Security Team, which is comprised of security analysts, engineers, GRC analysts, and architects.
What methodologies are used to encrypt MeridianLink customer data?

MeridianLink uses the following methods to encrypt customer data:

  • Data at rest is encrypted using AES-256.
  • Data in transit across open networks is encrypted using TLS 1.3 (at minimum TLS 1.2).
  • User passwords are salted and hashed.
Where are MeridianLink data centers located?

MeridianLink leverages a hybrid infrastructure environment. Our products are hosted in on-premises data centers as well as on Microsoft Azure and Amazon Web Services infrastructure across multiple Availability Zones, with a DR site established in a different region. These data centers employ leading physical and environmental security measures, resulting in highly resilient infrastructure.

Reporting a Security Vulnerability

We maintain a private bug bounty program with a leading provider of crowdsourced ethical hackers. If you find a security vulnerability in any of our products, please submit a report. If you have a security issue or question, please contact us at

Submit Report