Security & compliance
Audit-grade, by default.
Mezdoc was built for regulated workloads from the first commit. Encryption at rest with customer-managed keys, immutable audit logs, RBAC with org and environment scopes, and region-pinned residency.
- SOC 2: Type II
- ISO 27001: Certified
- GDPR: EU-aligned
- HIPAA: BAA on Enterprise
- DPDP (IN): Compliant
- GLBA (US): Aligned
- PCI DSS: Tokenized
- CCPA / CPRA: Compliant
- CSA STAR: Level 1
- ISO 27018: Cloud privacy
- Pen-tested: Twice yearly
- Bug bounty: Public
Inside the platform
How we keep your documents safe.
Data encryption
- AES-256 at rest for every PDF, source asset, and DB row.
- TLS 1.3 in transit; HSTS preloaded.
- BYOK (AWS KMS) on Enterprise - your CMK, your control.
- PII fields can be marked sensitive - redacted in logs.
Access & identity
- RBAC: owner / admin / editor / viewer at org level.
- Per-environment scoped API tokens, with rate limits.
- SSO via SAML 2.0 & OIDC. SCIM provisioning on Growth+.
- Step-up auth required for destructive actions.
Tenancy & residency
- Single-tenant database per region for Enterprise.
- Region pinning to ap-south-1 (Mumbai) or us-east-1 (Virginia).
- Data never leaves your chosen region without explicit consent.
- Cross-region disaster recovery on opt-in.
Observability & audit
- Immutable audit log of every read & write.
- Tamper-evident eSignature trail with IP & UA.
- Webhook delivery log with replay protection.
- Status page with public SLAs & post-mortems.
Secure SDLC
- CI-enforced SAST, SCA, secret scanning.
- Mandatory code review & signed commits.
- Quarterly internal red-teams; bi-annual external pen-tests.
- Public responsible-disclosure program with rewards.
Resilience
- 99.99% uptime SLA on Enterprise (99.9% on Growth).
- Multi-AZ Postgres with PITR (35 days).
- Worker fleet auto-scales; jobs are at-least-once with idempotency.
- Quarterly DR drills with documented RTO & RPO.
Security questionnaires.
Need our SOC 2 Type II report, pen-test summary, DPIA, or BAA? They're available under NDA from our Trust Center.