Security
Last updated: January 2025
Security First
At Merge Combinator, security is foundational to everything we do. As a venture studio focused on national security, we maintain rigorous security practices to protect our partners, builders, and the sensitive work we do together.
Our Security Principles
- Defense in Depth: Multiple layers of security controls protect our systems and data
- Least Privilege: Access is granted only as needed and regularly reviewed
- Continuous Monitoring: Our systems are monitored for suspicious activity
- Secure by Design: Security is built into our processes from the start
Data Protection
We implement industry-standard security measures to protect your data:
- Encryption in transit (TLS 1.3) and at rest
- Regular security assessments and penetration testing
- Access controls and authentication mechanisms
- Secure data handling and storage practices
Infrastructure Security
Our infrastructure is hosted on enterprise-grade cloud platforms with:
- SOC 2 Type II certified data centers
- DDoS protection and web application firewalls
- Regular patching and vulnerability management
- Incident response and disaster recovery procedures
Reporting Security Issues
We appreciate the security research community's efforts to improve security. If you discover a security vulnerability, please report it responsibly:
- Email: security@mergecombinator.com
- Please provide detailed information about the vulnerability
- Allow reasonable time for us to address the issue before disclosure
Contact
For security-related inquiries, please contact our security team at security@mergecombinator.com.