Security
Last updated: January 2026
1. Our Security Approach
Security is foundational to everything we build at PartnerMesh. Our platform handles sensitive business data on behalf of hundreds of companies, and we treat that responsibility with the utmost seriousness.
We take a defense-in-depth approach, implementing multiple layers of security controls at the application, infrastructure, and organizational levels. No single point of failure can compromise the integrity of your data.
Our security program is continuously reviewed and updated to address emerging threats, industry best practices, and evolving compliance requirements.
2. Data Encryption
In Transit: All data transmitted between your browser, our APIs, and our infrastructure is encrypted using TLS 1.3. We enforce HTTPS across all endpoints and reject older, insecure protocols.
At Rest: All data stored in our databases and object storage is encrypted using AES-256. Encryption keys are managed through a dedicated key management service with strict rotation policies.
CRM Data Hashing: CRM identifiers are processed using one-way cryptographic hash functions before entering our system. Raw contact data never touches our servers — only the resulting hashes are stored and compared.
3. Access Controls
Access to production systems is restricted to a small number of authorized personnel, all of whom undergo background checks and security training before access is granted.
We enforce multi-factor authentication (MFA) for all internal systems and require hardware security keys for privileged access. All access is logged, reviewed, and subject to regular audits.
Customer data is logically isolated using row-level security policies. No employee can access customer data without a documented, business-justified reason and manager approval.
We follow the principle of least privilege throughout our system design — every service, user, and process receives only the permissions strictly necessary to perform its function.
4. Infrastructure Security
PartnerMesh is hosted on AWS in multiple availability zones, providing high availability and geographic redundancy. We leverage AWS's extensive security certifications and physical data center controls.
Our infrastructure is defined as code and deployed through automated pipelines, eliminating manual configuration drift. All changes to production infrastructure go through peer review and automated security scanning.
- Network segmentation with private subnets for all backend services
- Web Application Firewall (WAF) protecting all public endpoints
- DDoS protection at the edge via AWS Shield
- Automated vulnerability scanning of all container images before deployment
- Real-time security event monitoring and alerting via SIEM
5. Compliance
SOC 2 Type II: We maintain SOC 2 Type II certification, audited annually by an independent third-party auditor. Our report covers Security, Availability, and Confidentiality trust service criteria.
GDPR: We comply with the General Data Protection Regulation for all EU personal data. See our GDPR page for details on your rights and our data processing practices.
CCPA: We comply with the California Consumer Privacy Act for California residents. You can exercise your CCPA rights by contacting privacy@partnermesh.ai.
Our compliance documentation, including our SOC 2 report, is available to customers and prospects under NDA. Contact your account manager or security@partnermesh.ai to request access.
6. Vulnerability Disclosure
We welcome responsible disclosure of security vulnerabilities. If you believe you have found a security issue in PartnerMesh, we encourage you to report it to us before public disclosure.
We commit to acknowledging your report within 24 hours, providing regular status updates as we investigate and remediate, and not taking legal action against researchers who act in good faith.
To report a vulnerability, please email security@partnermesh.ai with a detailed description of the issue, steps to reproduce, and your assessment of potential impact. We will work with you to validate and resolve the issue promptly.
We do not currently operate a paid bug bounty program, but we recognize significant contributions in our security acknowledgments page.
7. Contact Security Team
For security-related inquiries, vulnerability reports, or to request our security documentation:
Email: security@partnermesh.ai
PGP Key: Available on our security page for encrypted communications
Response SLA: We acknowledge all security reports within 24 hours
