Trust Center

Mercura security, compliance, and legal documentation.

ISO 27001-informed practices Hosted on ISO 27001-certified infrastructure Supports GDPR compliance

SaaS Terms & Conditions

Our standard terms for cloud service usage.

  • Read Online
  • Download PDF
  • Template provided for informational purposes only. Signed copies available upon request.
Version: 1.2 Last reviewed: 2024-02-14 Owner: Mercura Legal Team

Data Processing Agreement (DPA)

Our commitment to data privacy and GDPR compliance.

  • Read Online
  • Download PDF
  • Template provided for informational purposes only. Signed copies available upon request.
Version: 1.2 Last reviewed: 2024-02-14 Owner: Mercura Legal Team

Service Level Agreement (SLA)

Our definition of service uptime guarantees and support response times.

Version: 1.2 Last reviewed: 2024-02-14 Owner: Mercura Legal Team

Security Practices

We implement robust security controls across our organization to ensure the confidentiality, integrity, and availability of your data.

  • Access Control: strict Role-Based Access Control (RBAC) is enforced across all internal production systems.
  • Authentication: Multi-Factor Authentication (MFA) is mandatory for all administrative access.
  • Encryption: Data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
  • Incident Handling: Security incidents are managed through documented internal response procedures.
  • Vulnerability Assessments: We conduct regular automated vulnerability scans of our infrastructure and dependencies.
Version: 1.2 Last reviewed: 2024-02-14 Owner: Mercura Security Team

shared-responsibility

Shared Responsibility Model

Mercura Responsibilities

  • Application security & patching
  • Infrastructure management
  • Database encryption & backups
  • Physical security (via providers)

Customer Responsibilities

  • User account & password management
  • Role assignment & permissions
  • Endpoint device security
  • Data classification

For IT & Security Teams

Detailed security policies and internal procedures including backup strategies, incident response plans, and vendor risk assessment materials are available for enterprise review upon request.

Request Security Documentation

Hosting & Data Residency

Primary Hosting: Hetzner Online GmbH Locations: Germany (Nuremberg/Falkenstein) and Finland (Helsinki).

Asset Storage: AWS S3 Locations: Frankfurt (eu-central-1) and Ireland (eu-west-1).

All customer data is processed and stored exclusively within the European Union.

Version: 1.2 Last reviewed: 2024-02-14 Owner: Mercura Infrastructure Team

Architecture Overview

Mercura utilizes a stateless application architecture with managed PostgreSQL databases for high availability.

For a detailed technical breakdown, please refer to our Security & Infrastructure page.

View Technical Architecture

Version: 1.2 Last reviewed: 2024-02-14 Owner: Mercura Infrastructure Team

Uptime Commitment

Mercura provides a platform availability target of 99.9% measured monthly, excluding scheduled maintenance.

View Status Page

Version: 1.2 Last reviewed: 2024-02-14 Owner: Mercura Infrastructure Team

Subprocessor List

Subprocessor
Purpose
Data Location
Hetzner Online GmbH
Application Hosting
Germany / Finland
Amazon Web Services (AWS)
Asset Storage (S3)
Frankfurt / Ireland
Cloudflare
CDN & WAF
EU
Uploadcare
File Uploads
EU
Plausible Analytics
Web Analytics
EU (Self-Hosted)
n8n
Integration Workflows
EU

This information is provided for general informational purposes only and does not constitute legal advice. Mercura reserves the right to modify these policies at any time. For official signed copies of legal documents, please contact our legal team.