Security | Mercury 91

Security is built into MERCURY from day one. We use modern protections across our product, infrastructure, and operations to keep your data safe—without revealing vendor details.

Data Protection

Encryption in transit for all traffic
Encrypted storage for user data with tightly scoped access
Secrets isolated in environment-managed storage with least-privilege controls
Regular dependency updates and patching to reduce exposure

Account & Access Controls

Token-based authentication with session protections and expiry
Strong credential handling and sign-in safeguards
Role- and principle-of-least-privilege access for internal tools
Session monitoring to detect unusual or abusive access patterns

Monitoring & Abuse Protection

Security-focused request logging with anomaly signals for investigation
Rate limiting and throttling on APIs to curb abuse
Suspicious traffic detection to flag potential threats
Continuous visibility into service health and error patterns

Infrastructure & Reliability

Hardened environments with restricted administrative access
Isolated environments for development and production workloads
Backups for critical data with defined recovery procedures
Change management and reviews for production-impacting updates

Incident Response

We monitor for security issues and follow a clear response playbook to investigate, contain, and communicate when needed:

Rapid triage and threat assessment
Containment and remediation steps tailored to the incident
User notification when required
Post-incident reviews to improve safeguards

Reporting Security Issues

If you discover a security vulnerability, please report it to us at hello@mercury91.com. We appreciate your help in keeping MERCURY secure.