Merge for EU: Build integrations while complying with GDPR

30% of Merge customers are based in Europe
Global offices in NYC, SF, and Berlin
Merge supports a wide range of European software integrations

Data localization and transfer

Merge puts in place a DPA (data processing agreement) with all customers, whereby Merge commits to processing data transfers in accordance with GDPR’s Standard Contractual Clauses. In addition, Merge offers Customers control over where their data is stored.

EU tenants

If the customer selects our EU multi-tenant environment, data will only be stored in the EU in Stockholm.

Single-tenant environments

Single-tenant environments available for purchase as part of an annual plan if an additional level of security is desired. You receive your own servers and databases, and though Merge manages your data, it is fully separated from that of other Merge customers.

Data minimization

Merge offers several features that give Customers greater control over the data that is shared.

Scopes

Scopes offers the ability to request only the data models and fields that are needed.

Selective Sync

Selective Sync offers the ability to filter data for enabled models and fields; this functionality is dependent on third-party support for filters as well as Merge-provided filter coverage, which we are continuously expanding.

Redact unmapped data

Merge offers the ability to redact data from the third-party for unmapped fields. This prevents security concerns by redacting sensitive fields that appear in logs and remote data.

Data access and erasure

Merge offers several features that provide individuals with the means to control their personal data.

Data deletion via ignore endpoint

If someone has requested that their personal data not be transferred, this functionality allows you to ignore a specific data subject, while continuing to pull others.

Linked Account deletion

When a Linked Account is deleted, all data associated with that Linked Account is also deleted from Merge. Merge enables the deletion of a Linked Account in both the Merge Dashboard and also via API.

Accountability and compliance

Consistent with GDPR’s core value of Accountability, Merge keeps detailed records of data processing activities and implements appropriate security measures to protect data.

Audit trail

Merge offers Enterprise Customers access to our audit trail, which provides a record of activities and actions taken by users within Merge. Audit trail facilitates transparency and accountability across your operations. Merge is currently the only Unified API that offers this feature.

SSO with SAML

Merge is compatible with Single Sign-On (SSO) with Security Assertion Markup Language (SAML), allowing organizations to control which of their internal users have access to the Merge dashboard and enforce organizational access policies.

Data Encryption

Merge encrypts all data at rest and in-transit. All our data is stored in AWS, and is encrypted using the AES-256 encryption algorithm. Data is not allowed to be stored on external media, and production data is never moved out of production environments. Additionally, we enforce strict access controls internally for customer data, including enforcing Purpose-based access control in addition to Role-based control for each instance of access to customer data. More details around our security and data protection policies are available at trust.merge.dev.

Additional resources

How Ledgy’s region-specific HRIS integrations helped grow their presence in multiple countries

Read case study

“Ledgy is being used by organizations in 45+ countries, and Merge has helped us along the way. Offering a product that provides the most integrations in the market has helped us increase our close rate.”

Armon Bättig

Head of Sales