Security is Our Priority

We’re committed to security and keeping data 100% protected.


We have received a SOC 2 Type II report demonstrating that we have the appropriate controls in place to mitigate the risks related to security, availability, and confidentiality.

Mesh Payments is committed to carrying out an annual SOC 2 audit.

Data Privacy (GDPR & CCPA)

Our products comply with global data protection and privacy laws that apply to both us and our customers, such as the GDPR. Although we are not required to follow the CCPA requirements, we protect personal information on behalf of our customers as it relates to CCPA.

Here are some of the security measures we're taking to keep your data secure:



All of our services run in the cloud. We don’t host or run our own network devices, application load balancers, or physical servers.

Our service is built on Amazon Web Services (AWS). They provide strong security measures to protect our infrastructure and are compliant with most certifications.


Application Security Monitoring

We use an industry-leading cloud-native monitoring solution to get visibility into our application security, identify attacks and respond quickly to a data breach.

We use technologies to monitor exceptions, logs and detect anomalies in our applications.

We collect and store logs to provide an audit trail of our applications activity.


Least Privileges and Audit Logging

As standard best practice, we adhere to the notion of least privileges, whereby only a small subset of personnel have the means to view your data, and only when needed to support you. Our authorized personnel sign a Non-Disclosure and Confidentiality Agreement to protect our customers sensitive information.

Naturally, all data access is logged and monitored for audit purposes too.


External Auditing

On an annual basis, Mesh is audited by a large external firm (KPMG) to ensure we continue to meet and exceed the requirements of SOC 2, a compliance standard. We ensure that all of our partners have current SOC 2 reports too.


WAF and DDoS Protection

Mesh Payments uses an industry leading firewall provider to protect against distributed denial- of-service (DDoS) attacks and attempted intrusions into our systems.


PCI Compliance

Mesh Payments is PCI compliant. We recognize the need for the highest security available to protect our merchants and their customers.

In compliance with PCI Data Security Standards, we have met and surpassed all requirements set forth as a Level 1 Service Provider.


Multi Factor Authentication

Mesh Payments leverages automated systems to proactively prevent account takeover attempts and other malicious requests. We require all accounts to opt into multi factor authentication and immediately verify suspicious activity with the business owner.

We require multi-factor authentication (MFA) for all company administrators with access to sensitive company information and controls.


SAML SSO Account Protection

Access to our platform is only allowed through a Single Sign-On provider such as Okta. 

We also support SSO through your identity provider (i.e. Microsoft Azure AD, Google Workspace) leveraging SAML technology.



All communication between a user’s device happens through industry-standard encrypted HTTPS connections.

All data is transmitted with encryption-in-transit using Transport Layer Security (TLS). Furthermore, all data stored by mesh payments is encrypted at rest with AES-256, block-level storage encryption.



Where possible within databases, we also leverage in-field encryption to protect particularly sensitive data.

Mesh uses tokenization to protect your card and CVV numbers.

Responsible Disclosure

We encourage everyone that practices responsible disclosure and comply with our policies and terms of service to report us any vulnerabilities they might discover.

You can report vulnerabilities by contacting

You can read our Vulnerability Disclosure Policy here.

Want to Learn More?