Security at Mesh

Mesh is a comprehensive, trusted, secure, SOC 2 compliant solution built by a team with decades of experience in authentication and identity management.

We use a combination of operational, application, and infrastructure-level security controls to ensure the security of client and end-user data.

Audited by Halborn
SOC 2 Type II certified
No PII stored
Zero trust, least privilege access
Regular penetration testing

Operational readiness

Mesh is SOC 2 Type II certified, and as such undergoes regular penetration testing with third-party security firms.

In addition to rigorous threat modeling to identify potential code vulnerabilities, we use automated code scanners and active monitoring to ensure that all third-party infrastructure is kept secure with the latest security patches.

Application principles

Mesh uses a combination of zero trust authorization and least privilege access to restrict users’ access to only the resources that are necessary for their role within our systems.

2FA is a key part of our defense-in-depth strategy, and we believe it is a must-have for any modern financial system.

Mesh employs AES-256 to encrypt data at rest, and RSA-2048 to securely exchange the encryption keys between two parties, thus providing a secure way to both store and transmit data.

Internally, Mesh requires consensus (a minimum of two approvers) in all change control processes, to ensure that any and all access to production systems has oversight, is audited, and is carried out only with tools that have been vetted by our security team.
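The storage scheme described above (a symmetric AES-256 key for the data, RSA-2048 to exchange that key) is commonly implemented as envelope encryption. The Go program below is an added illustration written for this page, not Mesh's own code; it assumes AES-256-GCM for the data and RSA-OAEP with SHA-256 for wrapping the data key, neither of which the page specifies, and uses an RSA key pair to stand in for a client-managed KMS.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// newGCM builds an AES-256-GCM AEAD from a 32-byte data encryption key (DEK).
func newGCM(dek []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(dek)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts token under a fresh random DEK and wraps the DEK with RSA-OAEP
// (SHA-256) for pub; only the matching private key (the client's KMS) can unwrap it.
func Seal(pub *rsa.PublicKey, token []byte) (wrappedDEK, sealed []byte, err error) {
	buf := make([]byte, 32+12) // fresh 256-bit DEK followed by a 96-bit GCM nonce
	if _, err = rand.Read(buf); err != nil {
		return nil, nil, err
	}
	dek, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(dek)
	if err != nil {
		return nil, nil, err
	}
	if wrappedDEK, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dek, nil); err != nil {
		return nil, nil, err
	}
	return wrappedDEK, gcm.Seal(nonce, nonce, token, nil), nil // nonce || ciphertext || tag
}

// Open unwraps the DEK with priv, then authenticates and decrypts sealed; any
// change to wrappedDEK, the nonce, the ciphertext or the tag yields an error.
func Open(priv *rsa.PrivateKey, wrappedDEK, sealed []byte) ([]byte, error) {
	dek, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrappedDEK, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(dek)
	if err != nil || len(sealed) < gcm.NonceSize() {
		return nil, rsa.ErrDecryption // malformed input is treated like a bad key
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}
```

Because every token gets its own DEK, rotating the RSA key pair means re-wrapping only the small DEKs, not re-encrypting the stored data.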

Two factor Auth. Image

Infrastructure best practices

Mesh leverages Azure Cloud Services to ensure a highly available, scalable, and stable infrastructure. We also employ Web Application Firewalls (WAF) as well as CDN providers to protect against malicious activity.

Infrastructure best practices Image

Architecture

Authentication and token management

The Mesh SDK defaults to OAuth-based authentication whenever it is available.

Access tokens can be stored on client-owned servers (recommended), on end-user devices, or in a shared service with 24/7 monitoring in which Mesh stands up a Key Management System (KMS) and manages user credentials on the client’s behalf (not recommended).

We recommend that clients manage the KMS infrastructure themselves, in which case the Mesh API only handles the encrypted versions of tokens, on users' requests.

Token: client-managed

Token: client-managed Image

Token: Mesh-managed

End-user data

Mesh never stores end-user PII. PII may be handled temporarily when required to facilitate a transaction, but it is then immediately discarded, and is never logged or stored.

Mesh does store non-PII data such as balances and portfolio holdings to improve the end-user experience, and all such data is encrypted using customer keys, both at rest and in transit.
