This security information describes how Mekry Oy protects the MekryPro service (MekryPro) and its users. The service is used by companies, private individuals, employees and others — for example for room mapping, offers or the upcoming quote-request and auction features.
1. Security principles
We protect the service and its data with technical and organisational measures. We aim for least privilege: only necessary access, only necessary data, and only trusted subprocessors. We improve security continuously as the service is updated.
No online service is completely risk-free. We notify significant security breaches as required by law and guide users when needed.
2. Authentication and accounts
Sign-in uses password, passkey (WebAuthn) and/or two-factor authentication (2FA). Sessions expire automatically and session identifiers are regenerated on login.
- Password: use a strong, unique password; change it in Profile > Security when needed.
- 2FA: we recommend enabling two-factor authentication, especially on company accounts.
- Passkey: you may register a passkey or security key for passwordless sign-in.
- Recovery codes: store 2FA recovery codes offline; never share them in support requests.
3. Access control
The service uses roles and permissions. A company administrator grants team members only the access they need. Private users access their own data; shared projects, portals and upcoming quote requests follow separate sharing rules.
We do not sell access to third parties. Production data access is limited to staff and operations only as needed for their work.
4. Data protection
Traffic between browser and server is encrypted (TLS/HTTPS). Sensitive data is also protected in storage and backups using appropriate methods.
We aim to process personal and customer data mainly within the EU/EEA. Read more in our privacy policy.
5. Technical safeguards
The service includes measures such as:
- CSRF protection in forms and important API calls
- browser security headers (e.g. content-type checks, frame restrictions)
- logging and monitoring to detect suspicious activity
- regular updates and vulnerability fixes
- restrictions on executing uploaded files on the server
- separate administration environment and controlled production access
6. Sharing, portals and quote requests
You may share room mapping, invite subcontractors or take part in quote requests and an upcoming auction. You are responsible for:
- inviting only trusted recipients and revoking access when no longer needed;
- ensuring shared data does not contain unnecessary personal information;
- evaluating offers and entering contracts yourself — MekryPro is not a party to your agreements.
7. Your responsibilities
You help maintain security when you:
- keep login credentials confidential and do not share your account;
- sign out on shared devices;
- report suspicious activity or data leaks without delay;
- keep your device and browser updated;
- do not open suspicious links using your MekryPro credentials.
8. Security incidents and reporting
If you suspect a security breach, unauthorized use or vulnerability, contact: info@mekrypro.fi. Briefly describe what you observed, when and on which account.
We investigate reports and aim to respond within a reasonable time. For serious personal data breaches we notify data subjects and authorities as required by law.
9. Changes to this information
We may update this information as the service evolves. Material changes will be announced in the service when reasonable. Current version: https://mekrypro.fi/legal/security.
10. Contact and related documents
Mekry Oy, Kissalakuja 7, 21800 Kyrö. Email: info@mekrypro.fi.
Personal data: privacy policy. Terms: terms of use. Cookies: cookie policy.