3 ways that Merge enables you to keep your clients’ data safe

Nothing is more important to us than protecting your clients’ data.

We’ve invested heavily in features and capabilities that serve this end and allow our platform to abide by the most stringent security standards and regulations. For instance, we comply with GDPR and CCPA, and we maintain certifications with HIPAA, SOC 2 Type II, and ISO 27001.  

And while our platform already provides enterprise-grade security capabilities out-of-the-box to ensure your clients’ data stays safe, we’ve invested in additional features that go above and beyond their expectations. 

You can read on to learn about some of these features.

You can learn more about our security posture by visiting our Trust Center.


As you build integrations in Merge, you’ll likely want to protect the privacy and security of your users’ data by following the principles of privacy by design; in other words, you’d only retrieve and sync the information you need.

To help you do just that, you can leverage Scopes

Scopes allows you to toggle specific objects and fields on or off in Merge through a simple-to-use UI. Any adjustments you make via Scopes will, by default, apply to all of your linked accounts (i.e. clients), but you can also customize Scopes at the linked-account level. For instance, you can pull employee banking information into Merge for one client but disable this field for other clients. This ultimately lets you provide clients with full control over how their data gets shared with us, and it allows you to personalize your clients’ data syncs.

Here’s more on how Scopes works and specific scenarios for using it:

Note: The ability to customize Scopes at the linked-account level is currently in beta. If you’re interested in accessing this capability, we recommend that you connect to your dedicated engagement manager. Also, Scopes is only available on our Professional and Enterprise plans.

Audit Trails

As you and your team use Merge to perform a host of activities on behalf of clients, you’ll likely want to know what, exactly, is performed, by whom, and when. It’s only then that you can spot security issues—among other types of issues—on time and remediate them quickly.

To help you, as the admin, oversee everything taking place in Merge, you can leverage our newly-released feature: Audit Trails. 

It shows all of the activities that take place in your organization’s Merge account and it presents the information in a way that’s intuitive and easy to analyze. 

Through a quick glance, you can find out which user performed a task and the day in which they performed it. In addition, you can uncover specific tasks and trends with ease by filtering by users, activities, and date ranges. You can even pull audit log information via our API and feed it to the security tool you use to manage logs—all but ensuring that issues become visible to the right team members quickly and get addressed on time.

On top of its functional benefits, Audit Trails addresses your clients’—more specifically, enterprise clients’—expectations from a 3rd-party integration provider. It might even be one of their non-negotiable requirements. 

Note: Audit Trails is only available to customers on our Enterprise plan. 

Multi-factor authentication

We allow you to require multi-factor authentication (MFA) for all users in your organization—ensuring that even if your username and password get compromised, an intruder can’t log in and access your clients’ data.

We support time-based, one-time password (TOTP) MFA—a randomly-generated code is provided as an authentication token—for all of our users. And for clients on our Enterprise plan, we provide security assertion markup language (SAML) single sign-on (SSO), which allows you to log into Merge via an identity and access management provider, like Okta.

Build secure integrations at scale with Merge

These security features and capabilities are just scratching the surface of what Merge provides. 

To learn more about our platform’s security posture, and to discover how we can help your organization build the customer-facing integrations your product needs, you can connect with one of our integration experts.