Security

Last updated: January 2025

At Merge Combinator, security is foundational to everything we do. As a venture studio focused on national security, we maintain rigorous security practices to protect our partners, builders, and the sensitive work we do together.

Our Security Principles

• Defense in Depth: Multiple layers of security controls protect our systems and data
• Least Privilege: Access is granted only as needed and regularly reviewed
• Continuous Monitoring: Our systems are monitored for suspicious activity
• Secure by Design: Security is built into our processes from the start

Data Protection

We implement industry-standard security measures to protect your data:

• Encryption in transit (TLS 1.3) and at rest
• Regular security assessments and penetration testing
• Access controls and authentication mechanisms
• Secure data handling and storage practices

Infrastructure Security

Our infrastructure is hosted on enterprise-grade cloud platforms with:

• SOC 2 Type II certified data centers
• DDoS protection and web application firewalls
• Regular patching and vulnerability management
• Incident response and disaster recovery procedures

Reporting Security Issues

We appreciate the security research community's efforts to improve security. If you discover a security vulnerability, please report it responsibly:

• Email: security@mergecombinator.com
• Please provide detailed information about the vulnerability
• Allow reasonable time for us to address the issue before disclosure

Contact

For security-related inquiries, please contact our security team at security@mergecombinator.com.