Data Security

Merlin's unique single-tenant architecture offers security, redundancy, high availability and disaster recovery options unique to our industry.

We are committed to data security.

Over the past two decades, we’ve hosted data for many of the largest companies and law firms in the world. We know security is critical to our clients and to their business. We are proud to say we have never had a security incident involving data compromise or loss. 

Security is a key design criterion for our cloud-native applications. We chose a single-tenant rather than multi-tenant architecture because of the flexibility and security advantages it offers. With a single-tenant environment, we can lock down client data without fear of bad actors attacking data after gaining access through other client sites. We can also offer clients a range of additional security measures, including customizable control over the environment, enhanced access restrictions and special monitoring.

We build our operations practices to meet or exceed applicable industry standards for privacy and data security both in the U.S. and around the world. To support that objective, we chose Amazon Web Services to provide infrastructure, networking and advanced security services. We then integrate security best practices into software design and data practices. 

Ultimately clients can trust data hosted in our systems just as if they were behind their own firewalls.

Application Security

We offer a host of security options designed to ensure control over your data access from upload to archive. In addition to cloud monitoring and active firewall management, we use these best practices to protect data from improper access:

Encryption in Transit and at Rest

Data is encrypted in transit and at rest to ensure maximum security even if the data is accessed surreptitiously. We protect data from point to point using TLS or SFTP and in storage using AES-256 encryption.

Secure Document Lockdown

Requests to view a document must be accompanied by a time-limited Authorization Ticket before access is granted. This keeps users from improperly sharing files and hackers from traversing file servers.

Permission-Based Roles

Every function in a Merlin software platform is locked down as a permission. Administrators can create roles for any combination of functions, limiting the fields and actions available for each user.

Single Tenant Environments

Our systems run securely in a no-share, single-tenant environment. Each matter runs on separate database, search and storage servers that can be protected from both inside and outside intervention.

Optimized for Multi-Party Use

We provide private fields and shared folders as standard issue. User groups get private tag sets and shared searches so they can work together while protecting group work product.

Complete Logging and Auditing

We provide extensive auditing and logging capabilities so site administrators can track each person's use of the site. Document views, tags, searches and other actions are tracked throughout.

“There’s no silver bullet solution with cyber security, a layered defense is the only viable defense.”

James Scott, Institute for Critical Infrastructure Technology

Cloud Security

Those new to the public cloud may fear they are compromising security for speed, scalability and cost savings. In fact, the opposite is the case. Rather than build our own data centers, as we did in the past, we chose Amazon Web Services (AWS) as our infrastructure partner. AWS was the first to offer secure public cloud services and it is the leader worldwide on cloud security.

Thus, from the beginning, we purpose-built Merlin’s software platforms to run on the Amazon cloud and to take advantage of the many security features and services it offers. 

1. Physical Security

AWS maintains highly secure facilities that are locked down and monitored at all times. We have decades of experience managing our own environments across private data centers and find AWS to be more secure for a number of reasons, including the fact that they are staffed with many of the best information security professionals in the world. In addition, their locations are not publicly disclosed and customers are not allowed to enter the facilities. Only well-screened employees are allowed to enter, and then only on a strict need-to-access basis.

2. Certifications

AWS has been providing infrastructure for government agencies and other large entities around the world for more than a decade. As a result, it needs to carry an extensive list of security certifications, from multiple ISO badges to FedRAMP (U.S. government required) to PCI, HIPAA, SOC and dozens of others. AWS carries over 40 U.S. and international audit certifications.

3. Encryption

AWS supports encryption in transit and at rest for all data we maintain. Encryption protects against a hacker gaining access to your storage devices but it also protects against data center employee malfeasance. Even if an intruder or employee manages to access an encrypted hard drive, nothing will come of it because the encrypted data is unreadable.

4. Redundancy

AWS provides a highly durable storage infrastructure designed for mission-critical and primary data storage. Objects are redundantly stored on multiple devices across multiple facilities in an Amazon S3 Region.

5. Security Services

We take advantage of multiple services offered by AWS to protect client data and supplement our security practices. If you need extra security for your site, we can offer a wide range of special options to further strengthen the protections inherent in a single-tenant environment. Ultimately, you can take control of your complete site.

Good Company: We find ourselves in good company. AWS provides infrastructure and security to a wide range of companies and agencies including the Department of Defense, banks, Comcast, Dow Jones, the European Space Agency, ESPN, FINRA, General Electric, NASA, NASDAQ, Pfizer, SAP, Tata Motors, Turner Broadcasting, the US Department of State, the UK Ministry of Justice and Zillow.

Security Certifications

We chose Amazon Web Services as our infrastructure and security partner in part because of the large number of security certifications they bring to the table. Here are just a few of them. 

If you would like to know more about our security practices, reach us at

Ready to Believe?

Software is the magic of the Twenty-First Century. Contact us to learn more about our digital magic.