Mesh provides a trusted, secure, and audited solution backed by a team with decades of experience delivering secure, highly available infrastructure. We combine operational, application, and infrastructure-level controls to protect client and end-user data at every layer.
Mesh is SOC 2 Type II certified, and undergoes regular audits and penetration testing with third-party security firms.
Mesh has implemented a robust security program designed to provide a trustworthy platform for connecting exchanges, wallets, and payment service providers. Our approach is proactive, adaptive, and built on industry best practices to safeguard data and transactions at every stage.
Mesh leverages highly available, scalable, and stable infrastructure protected by multiple layers of defense. We apply zero trust and least privilege principles across our architecture to enforce separation of duties and segregate our environments. Access rights are reviewed regularly, multi-factor authentication is enforced for all administrative accounts, and idle sessions are automatically terminated to reduce risk of unauthorized access. We actively monitor for malicious network traffic and anomalous system behavior.
Mesh employs strong encryption algorithms to protect data at rest and in transit. We are committed to using robust algorithms for protecting data, safeguarding encryption keys, and ensuring secure exchange. Encryption choices are configured to meet or exceed industry standards.
Mesh follows a security by design approach, where security considerations are integrated into the initial planning and design phases of our products and addressed throughout the Secure Development Lifecycle. Security is a core component of our product architecture, not an afterthought. We've implemented automated and manual security reviews, checks, and testing — ensuring security is a continuous process.
We engage reputable third parties to conduct comprehensive penetration testing against our products prior to release and on an ongoing basis. We also maintain an ongoing program of external tests, internal vulnerability management, and configuration audits to ensure continuous security coverage and rapid remediation. Our intent: simulate real-world attacks to identify and fix potential vulnerabilities before they're exploited.
End-user PII may be temporarily handled when required to facilitate a transaction, but is not stored long term.
Mesh may store non-PII such as balances and portfolio holdings to improve the end-user experience. All data is encrypted at rest and in transit.
More information regarding Mesh's policies, audits, and approach to security is available at our Trust Center.
Visit trust.meshconnect.com
