security

Data Security and Privacy

Privacy, Trust, and Security at Meritto

At Meritto (formerly NoPaperForms), we understand that the cornerstone of any successful educational technology platform is the unwavering commitment to data privacy, trust, and security. In a world where data breaches and privacy concerns are rising, we ensure that our solutions are not just tools for growth but also bastions of security for your organization’s and students’ data.

Privacy-as-a-Priority Privacy as a Priority

Privacy isn’t just a feature at Meritto; it’s a foundational principle. We treat your data with the utmost respect and confidentiality, ensuring that your organization’s and students’ information remains secure and private. Our approach to handling data is transparent and straightforward – we do not engage in selling data or using it for unintended purposes. Your data remains your own, and we are custodians, ensuring its safety, confidentiality and integrity.

Building-Trust-through-Transparency Building Trust through Transparency

Trust is not given; it’s earned. At Meritto, we earn your trust by providing complete visibility into how we manage and protect your data. We believe in an open dialogue about our security practices and are committed to upholding the highest standards of data integrity. Our policies are clear, our operations are transparent, and our dedication to safeguarding your data is unwavering.

A-Fortress-of-Security A Fortress of Security

Security at Meritto is not just about implementing the best practices; it’s about setting new standards. Our secure cloud hosting is bolstered by AWS’s multi-layered security approach, which includes everything from physical security at data centers to advanced cyber protection measures. We continuously evolve our security strategies to stay ahead of threats, ensuring that your data is protected with the most advanced and robust security measures available.

Commitment to Excellence through Certification

At Meritto, we are dedicated to achieving and maintaining the highest standards of quality and security in our services and operations. This commitment is reflected in our pursuit of globally recognized certifications and compliance with industry standards. Our certifications are not just badges of honor; they represent our dedication to excellence and the trust you can place in our solutions.

Business Model & Privacy

Ad-Free-Business-Model Ad-Free Business Model

Our business model is straightforward – we offer high-quality technology solutions at affordable prices. We avoid ad-based revenue models, ensuring that there’s no conflict between monetization and user privacy.

Commitment-to-Customer-Trust No Hidden Agendas

We have a transparent and ethical approach to business. There are no back-end deals or hidden agendas that compromise user privacy. We gain revenue directly from the value our products provide, not through data exploitation.

No-Hidden-Agendas Commitment to Customer Trust

Our relationship with our customers is built on a foundation of trust. We avoid practices like double-dipping or backdoor deals that could betray this trust. Our goal is to be a trusted partner in your educational journey, not just a service provider.

User Privacy and Data Sovereignty

User-Data-Ownership User Data Ownership

At Meritto, we recognize that our users own their data. We do not sell, share, or misuse customer data. Our role is to safeguard it and ensure its confidentiality and integrity.

Global-Data-Compliance Global Data Compliance

Recognizing the diverse nature of data privacy and compliance requirements across different legal jurisdictions, such as the U.S. and European Union (EU), we tailor our approach to meet these varied standards, ensuring global compliance and respecting data sovereignty.

Legal-Framework Legal Framework

We adhere to prevailing legislation related to data, including comprehensive data privacy laws. This ensures our practices are always aligned with the latest legal requirements.

Third-Party Associations Third-Party Associations

Our collaboration with third-party organizations is managed meticulously to maintain the integrity and privacy of data. We understand, scrutinize, and evaluate each third-party service that may handle your data, through risk assessments and periodic reviews.

Policies Policies

We have established robust business rules and policies designed to protect both employees’ and users’ data privacy. These policies are regularly reviewed and updated to reflect evolving standards and threats.

Data Governance Data Governance

Our data governance framework includes stringent standards and practices for storing, securing, retaining, and accessing data. This ensures data integrity and minimizes risks across all data lifecycle stages.

Practices Practices

We implement industry-best practices to guide our IT infrastructure, data privacy, and protection strategies. This includes regular audits, employee training, and the adoption of advanced security technologies.

Here’s what we offer

Access Control Access Control

  • Single-sign on.
  • Multi-factor authentication
  • Role-based access controls
  • IP based access restriction
  • Logging, auditing and monitoring features

Data Security and Privacy Data Security

  • Data masking
  • Data encryption
  • Data Isolation

Operational Security Operational Security

  • Hosted on AWS
  • Continuous logging & monitoring
  • Data backup and restoration
  • Vulnerability assessment and remediation
  • Disaster recovery
  • Change management process

Infrastructure Security Infrastructure Security

  • ACLs for traffic restriction
  • AWS default DDoS protection
  • Server Hardening

Meritto’s data protection strategy

Meritto’s data protection strategy is intricately aligned with the
core principles of the General Data Protection Regulation (GDPR)

Lawfulness, Fairness, and Transparency Lawfulness, Fairness, and Transparency

We process personal data for original intent, ensuring fairness and complete transparency in our data handling practices.

Purpose Limitation Purpose Limitation

Data is collected solely for specified, explicit, and legitimate purposes, with a clear communication of these purposes to our users.

Data Minimization Data Minimization

We adhere to the principle of collecting only the minimum data necessary for our stated purposes.

Accuracy Accuracy

Continuous efforts are made to keep personal data accurate and up-to-date.

Storage Limitation Storage Limitation

We will store any personal data we collect from our customers as long as it is necessary in order to facilitate use of the Services and for ancillary legitimate and essential business purposes.

Integrity and Confidentiality Integrity and Confidentiality

We maintain robust security measures to protect data against unauthorized access, accidental loss, destruction, or damage.

Meritto

At Meritto, we don’t just offer a platform; we provide a secure environment where your educational organization can thrive without the concerns of data breaches or security threats. Trust, privacy, and security are not just words for us; they are the pillars upon which Meritto is built.

Choose Privacy. Choose Security. Choose Meritto.