Melp Legal

Security Overview

An overview of how Melp secures your data—from encryption and access controls to monitoring, incident response, and resilience.

Last updated December 19, 2025We keep this document current

Encryption everywhere

TLS in transit and strong encryption at rest protect messages, meetings, and files by default.

Tight access control

SSO, SAML, MFA, and role-based permissions ensure only the right people can reach the right data.

Resilience built-in

Redundant infrastructure, tested backups, and disaster recovery plans keep Melp available.

Architecture and encryption

Our stack is built on hardened cloud infrastructure with layered controls to safeguard customer data.

All traffic is encrypted in transit using modern TLS; data at rest uses strong encryption (for example AES-256) with managed keys.
Secrets are stored in dedicated secrets management systems with strict access policies and audit logs.
Production and corporate environments are segmented, with least-privilege access between services.

We verify identity, minimize privileges, and give admins granular controls over user access.

Support for SSO/SAML, SCIM, and MFA so organizations can enforce centralized identity requirements.
Role-based access control for meetings, messaging, file sharing, and admin capabilities.
Just-in-time and time-bound access for Melp personnel with approvals, logging, and revocation.

Layers of protection guard against intrusion, abuse, and data exfiltration.

Web application firewalls, DDoS protections, and rate limiting shield public endpoints.
Security patches and dependency updates are applied on a defined cadence with emergency procedures for critical vulnerabilities.
Automated backups and encryption for stored assets, including media and document storage.

Centralized telemetry and alerting provide visibility across systems and user activity.

Comprehensive logging of authentication, administrative actions, and data access with retention for investigations.
Automated alerts for anomalous activity and system health, routed to on-call engineers 24/7.
Regular vulnerability scanning and external penetration testing to validate controls.

Security is built into how we design, build, and release new features.

Code changes undergo peer review, automated testing, and dependency scanning before release.
Secrets are never stored in source control; automated checks enforce policies in CI/CD pipelines.
Employees complete regular security and privacy training with role-specific modules for engineers and support.

A documented, tested playbook guides how we detect, triage, and communicate about incidents.

Dedicated on-call responders follow runbooks for security events and service disruptions.
Customers receive timely notifications about incidents that affect their data or availability.
Post-incident reviews drive corrective actions and measurable follow-ups.

Melp is engineered for high availability and rapid recovery from disruptions.

Regularly tested backups with defined recovery point (RPO) and recovery time objectives (RTO).
Regional redundancy and failover strategies for critical services where supported by the cloud provider.
Capacity planning and load testing to maintain performance during growth or traffic spikes.

We align our controls with recognized standards and provide documentation to enterprise customers.

Security controls are mapped to common frameworks such as SOC 2 and ISO 27001 where applicable.
Data processing agreements and subprocessors lists are available to customers on request.
Audit evidence and penetration test summaries can be shared under NDA to support due diligence.