Encryption in transit and at rest
All traffic served over TLS 1.2+. Data and backups encrypted at rest using AES-256.
Trust
Your operations data, properly protected
Merova is built on modern cloud infrastructure with security defaults baked in — not bolted on. Here's how we protect your SOPs, training records, and audit history.
Role-based access control
Workspace roles (Owner, Admin, Editor, Reader) plus per-binder permissions. Users only see what they're allowed to.
Row-level security
Every database query is scoped to your workspace at the database layer — not just the application — so cross-tenant access is impossible by design.
Complete audit trail
Every edit, approval, acknowledgement, and exception is timestamped and attributed. Exportable for auditors any time.
Daily backups
Encrypted daily backups with point-in-time recovery. Your data is recoverable even if you delete something by mistake.
Authentication
Email + password, magic link, and Google sign-in. Sessions are JWT-based and rotate automatically.
Reporting a security issue
If you believe you've found a vulnerability, please reach out through our contact form with the subject line "Security". We respond to all credible reports within one business day.