top of page
Stretched BW 13.jpg

Security and Privacy

We understand how critical security, privacy, and reliability are to end-users of the solution so Mercuricall constantly reviews and improves security and compliance based on the needs of our global clients and the specific requirements of many industries and various existing and emerging standards.

Mercuricall is committed to ensuring solutions are secure and reliable. We maintain a state-of-the-art multi-tenant architecture with strict compliance and high availability standards. We work closely with Partners to ensure confidentiality, integrity, and availability of your data.

ICON 45.png
Comprehensive Security, Privacy & Compliance

Mercuricall maintains a comprehensive security, privacy and compliance program to manage risks for you and your customers through ongoing oversight and monitoring.

Comprehensive Security and Compliance

We support compliance with standards and regulations globally. We will work with you to achieve compliance for any of the following: GDPR, ISO 27001, SOC II, PCI, HIPAA and FedRAMP

Global IT Security, Privacy and Compliance Team

Mercuricall embraces continuous process improvement to ensure that our product is based on the latest technology that is developed and maintained by our dedicated Engineering, Cybersecurity, and Privacy teams

Our team is highly accomplished, experienced in delivering global, mission-critical solutions. We hold professional security and compliance certifications from a variety of industry associations and organizations.

Data Protection and Data Privacy

We take data protection and data privacy regulations seriously and work with legal advice locally to be up to date with trends on data privacy.

Our applications interact with cloud servers over Transport Layer Security (TLS) transmission to ensure the highest level of security.

We leverage third-party partners to perform external physical penetration testing. Access to data in the multi-tenant environment is protected through access tokens and internal controls.

Our software is configured to allow tenants to store confidential data, such as call recordings, on their own preferred data location to leverage their investments in managed security. Storage options include AWS S3, Azure Blob, Google Cloud, or Secure FTP.
Web sessions are encrypted between your browser and the Mercuricall network.

WebRTC sessions are encrypted end-to-end with the option to do the same for hardware devices.
Data-at-rest encryption is available based on system administration configuration.

ICON 25.png
Unified Secure Architecture

Mercuricall's multi-tenant SaaS architecture provides the ultimate solution for Contact Center as a Service (CCaaS) security, privacy and compliance for our partners.

Access Control and Physical Security

Partners may choose to host the solution in their own private cloud or a public cloud infrastructure. 

We select data centres with a five-layer defense approach to provide comprehensive protection with 24-hour manned security and access restricted to select personnel. Video surveillance, motion detectors, and alarms are located throughout each facility.

Application Security

Unique usernames and no pattern-based passwords are required to access the application and multi-factor authentication (MFA) is required.

The application supports Single Sign-On, which requires clients to be authenticated via their identity provider with SAML assertions.


The application is entirely role-driven, only seeing what they have been given permission to see.

Carrier Networks

Partners have options for carrier networks. We integrate to carriers in a two-pronged approach; a secure API interface to provision and configure network resources, and secure SIP trunking configurations defined by the local system administrator.


We look for carrier networks that support:
24x7 monitoring by a team of Network Operations Technications
Site locations with firewalls and traffic monitoring
Vulnerability and policy scans performed weekly internal and external ISO 27001 certification
Security logs collected and stored for one year with real-time alerting

Resilient Cloud Services

Architected to support hundreds of tenants and tens of thousands of users simultaneously, while maintaining high availability.
Redundant core micro-service deployments that can be configured to work across geographic locations.

bottom of page