Security and Privacy
We understand how critical security, privacy, and reliability are to end-users of the solution, so Mercuricall constantly reviews and improves security and compliance based on the needs of our global clients, the specific requirements of many industries, and various existing and emerging standards.
Mercuricall is committed to ensuring solutions are secure and reliable. We maintain a state-of-the-art multi-tenant architecture with strict compliance and high availability standards. We work closely with Partners to ensure confidentiality, integrity, and availability of your data.

Comprehensive Security, Privacy & Compliance
Mercuricall maintains a comprehensive security, privacy and compliance program to manage risks for you and your customers through ongoing oversight and monitoring.
Comprehensive Security and Compliance
We support compliance with standards and regulations globally. We will work with you to achieve compliance for any of the following: GDPR, ISO 27001, SOC II, PCI, HIPAA and FedRAMP.
Global IT Security, Privacy and Compliance Team
Mercuricall embraces continuous process improvement to ensure that our product is based on the latest technology that is developed and maintained by our dedicated Engineering, Cybersecurity, and Privacy teams.
Our team is highly accomplished and experienced in delivering global, mission-critical solutions. We hold professional security and compliance certifications from a variety of industry associations and organizations.
Data Protection and Data Privacy
We take data protection and data privacy regulations seriously and work with local legal advisers to stay up to date with trends in data privacy.
Our applications interact with cloud servers over Transport Layer Security (TLS) to ensure the highest level of security.
We leverage third-party partners to perform external physical penetration testing. Access to data in the multi-tenant environment is protected through access tokens and internal controls.
Our software is configured to allow tenants to store confidential data, such as call recordings, in their own preferred data location to leverage their investments in managed security. Storage options include AWS S3, Azure Blob, Google Cloud, or Secure FTP.
Web sessions are encrypted between your browser and the Mercuricall network.
WebRTC sessions are encrypted end-to-end with the option to do the same for hardware devices.
Data-at-rest encryption is available based on system administration configuration.

Unified Secure Architecture
Mercuricall's multi-tenant SaaS architecture provides the ultimate solution for Contact Center as a Service (CCaaS) security, privacy and compliance for our partners.
Access Control and Physical Security
Partners may choose to host the solution in their own private cloud or a public cloud infrastructure.
We select data centres with a five-layer defense approach to provide comprehensive protection with 24-hour manned security and access restricted to select personnel. Video surveillance, motion detectors, and alarms are located throughout each facility.
Application Security
Unique usernames and non-pattern-based passwords are required to access the application, and multi-factor authentication (MFA) is required.
The application supports Single Sign-On, which requires clients to be authenticated via their identity provider with SAML assertions.
The application is entirely role-driven: users see only what they have been given permission to see.
Carrier Networks
Partners have options for carrier networks. We integrate with carriers using a two-pronged approach: a secure API interface to provision and configure network resources, and secure SIP trunking configurations defined by the local system administrator.
We look for carrier networks that support:
24x7 monitoring by a team of Network Operations Technicians
Site locations with firewalls and traffic monitoring
Vulnerability and policy scans performed weekly, internal and external
ISO 27001 certification
Security logs collected and stored for one year with real-time alerting
Resilient Cloud Services
Architected to support hundreds of tenants and tens of thousands of users simultaneously, while maintaining high availability.
Redundant core micro-service deployments that can be configured to work across geographic locations.