Security
Meritly AI handles sensitive personal data — resumes, contact details, employment histories. We treat that responsibility seriously. Security is built into every layer of the platform, not bolted on afterwards.
All resume data, candidate profiles, and hiring information are encrypted at rest using AES-256 and in transit using TLS 1.3. No plaintext data is ever stored.
Meritly AI runs on AWS with strict VPC isolation, private subnets, and no public-facing database access. Resume files are stored on S3 with server-side encryption and pre-signed URL access only.
Every piece of data — candidates, jobs, chat sessions — is scoped to your company. Strict tenant isolation ensures no data leaks between organisations, enforced at the database query level.
Every action taken in Meritly AI — shortlisting, status changes, chat interactions, exports — is logged with timestamps and user attribution. Your compliance team will love it.
Candidate data is processed and stored only for the purpose of your active hiring. We do not share, sell, or use candidate resumes to train external models.
Our infrastructure and processes are designed with SOC 2 Type II compliance in mind: access controls, change management, incident response, and continuous monitoring.
All data is stored in AWS us-east-1 by default. Enterprise customers can request a different region. We do not store data outside AWS managed services.
Resume parsing uses Google Gemini via the API. We do not opt in to data training by Google. Resume content sent for parsing is not stored by Google beyond the API request lifecycle.
Found a security issue? We take disclosures seriously and respond within 24 hours. Please reach out to security@meritlyai.com.
Our team is happy to discuss your specific requirements, provide documentation, or walk through our security architecture.