Security Posture
We employ a defense-in-depth strategy, securing our infrastructure, data, and applications by design.
Data Security
Encryption in Transit: All data transmitted between you and Mecverse, and between Mecverse internal services, is encrypted using TLS 1.2 or higher.
Encryption at Rest: All persistent data (databases, backups, logs) is encrypted at rest using AES-256.
Key Management: We apply strict key rotation policies, with key management kept separate from data storage systems.
Access Control
Least Privilege: Access to production environments is restricted to authorized engineers on a strictly need-to-know basis.
Authentication: We enforce Multi-Factor Authentication (MFA) and hardware keys for all internal access.
Audit Logs: All administrative actions are logged and retained for review.
Application Security
Penetration Testing: We conduct regular third-party penetration tests and internal vulnerability scans.
Code Review: Every change to our codebase requires peer review and automated static analysis (SAST) checks before merging.
Dependency Management: We automatically scan dependencies for known CVEs.
"Security is never 'done'. It is a continuous process of vigilance, update, and improvement. We are committed to maintaining industry-leading security practices."