Security + compliance hub
Everything you need to evaluate, configure, and maintain your security posture with Meridian. From architecture deep-dives to operational controls — all in one place.
Security overview
Architecture, threat model, encryption at rest and in transit, key management, and our shared responsibility model.
Compliance
SOC 2 Type II, ISO 27001, GDPR readiness, and our continuous control monitoring posture.
Data Processing Agreement
Standard contractual clauses, controller-to-processor terms, and how to execute our DPA for your organization.
Subprocessors
Current list of third-party subprocessors, their locations, the services they provide, and how we vet them.
Logging & retention
What we log, where logs live, retention windows, access controls, and immutable audit trails.
Data residency
Region provisioning, data locality guarantees, cross-border transfer safeguards, and available hosting regions.
Secrets management
How we handle API keys, environment secrets, encryption keys, rotation policies, and HashiCorp Vault integration.
IP allowlisting
Restrict dashboard and API access to trusted CIDR ranges. Setup guide and enforcement modes.
Single Sign-On
SAML 2.0 and OIDC provider configuration. Okta, Azure AD, Google Workspace, and custom IdP instructions.
Audit log
Immutable, queryable event stream covering authentication, configuration changes, and sensitive data access.
Responsible disclosure
Our vulnerability disclosure policy, scope, safe harbor provisions, and how to report findings securely.
Need a security document we haven't published?
Reach out to security@getnimbus.net with your request. We respond to security inquiries within 24 hours and can provide additional attestations under NDA for enterprise customers.