Security and trust

Controls designed around accountable AO work.

Meritura separates identity, tenant membership, operational permissions and evidence. This page describes implemented product controls, not an external certification.

Implemented foundation

Security is part of the workflow boundary.

Invitation-only identity

Clerk authentication is paired with an active Meritura tenant membership. Public self-service registration is closed.

Tenant and role boundaries

Operational records are tenant-scoped, with server-owned mutations and role permissions for accountable AO work.

Private production data

Supabase service credentials remain server-side. Public clients do not receive the service role key.

Audit evidence

Important workflow transitions retain the actor, time, target and supporting metadata needed for review.

Data minimisation

Journey readiness intake excludes unnecessary categories and validates the versioned handoff before AO review.

Human decision gates

Final results and high-risk regulated casework remain human-owned and cannot be released by AI.

Assurance boundary

What buyers should verify with us.

Security requirements vary by AO, data set, integration and implementation. A walkthrough can cover access design, tenant separation, data flows, audit evidence, retention and incident ownership against your own due-diligence process.

Meritura does not claim ISO certification, regulatory endorsement or guaranteed compliance unless separately evidenced in writing.

Start a security-focused walkthrough