Security

How we protect your data.

MerlAI is built on modern cloud infrastructure with a focus on protecting your personal information, resume content, and account access.

Infrastructure & Hosting

MerlAI is hosted on reputable cloud infrastructure providers (such as Amazon Web Services in the ap-southeast-2 region) that offer strong physical, network, and environmental controls. Our systems are deployed using managed services where possible to benefit from built-in security hardening and updates.

Data Protection & Encryption

  • In transit: All connections to the MerlAI web application use HTTPS/TLS to encrypt data between your browser and our servers.
  • At rest: Resume content and related data are stored in encrypted storage provided by our cloud providers.
  • Sensitive fields: We minimise the amount of sensitive information stored and avoid storing payment card details directly, relying instead on PCI-compliant payment processors.

Access Control & Authentication

We take a least-privilege approach to access:

  • Production systems are only accessible to a limited number of authorised team members.
  • Access to infrastructure and management consoles is protected by strong authentication controls.
  • End-user authentication is handled via secure session tokens, and you can enable additional factors where available.

Payments & Billing Security

All payments are processed by trusted third-party providers (such as Stripe). We do not store full payment card numbers or security codes on our own servers. Your billing information is handled according to those providers' security and compliance standards.

Logging & Monitoring

We maintain application and infrastructure logs to help detect unusual patterns, diagnose issues, and support security investigations where necessary. Access to logs is restricted to authorised personnel.

Data Retention & Deletion

We retain your account and resume data for as long as necessary to provide the Services or as required by law. You can request deletion of your account and associated content via the account settings. When you request deletion, we follow a process to remove or irreversibly de-identify your personal data from active systems, subject to any legal or operational retention requirements.

Responsible Disclosure

If you believe you have found a security vulnerability or privacy issue in MerlAI, we encourage you to report it responsibly so we can investigate and remediate promptly. Please contact us at support@merlinsgroup.com.au with relevant details. We ask that you do not publicly disclose potential issues until we have had a reasonable opportunity to address them.

Questions

If you have questions about our security practices, or how they apply to your use of MerlAI, you can contact us at:

Merlin's Group Pty Ltd
Email: support@merlinsgroup.com.au
Address: Level 9, 2 Phillip Law St, New ACTON ACT 2601, Australia