Security and Privacy Whitepaper

Merimen Enhancement Extension (MEE) Provided by Nova Vertex Sdn Bhd

1. Executive Summary

At Nova Vertex Sdn Bhd, we understand that data security and privacy are the highest priorities for the insurance claims industry. The Merimen Enhancement Extension (MEE) is designed to streamline workflows and improve efficiency without compromising the integrity of sensitive claims data. This document outlines our security-first architecture, our strict adherence to data privacy principles, and our commitment to ensuring the MEE operates seamlessly within enterprise compliance frameworks.

2. Architectural Security & Data Flow

The core security philosophy of the MEE is Zero Data Exfiltration. The extension functions purely as a client-side interface enhancement tool within the user's local browser environment.

100% Local Processing: All data parsing, automation, and interface enhancements occur locally on the user's machine.

No External Servers: The MEE does not transmit, route, or mirror any Merimen platform data, policyholder information, or claim details to Nova Vertex servers or any third-party infrastructure.

No Telemetry on Claims Data: We do not track or log user interactions with sensitive fields, vehicle damage assessments, or personal identification details.

3. Data Privacy and PDPA Compliance

Protecting Personally Identifiable Information (PII) is a shared responsibility, and the MEE is engineered to support full compliance with the Personal Data Protection Act (PDPA).

No Data Storage: The MEE does not cache, record, or store any data from the Merimen system locally or externally. Once the browser session is closed or the page is refreshed, all temporary computational variables are cleared.

No Credential Access: The extension does not interact with, store, or transmit user login credentials or authentication tokens.

Anonymity: Nova Vertex Sdn Bhd does not build user profiles or monetize data. Our sole business objective is providing workflow efficiency tools.

4. Principle of Least Privilege (Manifest Permissions)

Enterprise security requires strict control over browser extension capabilities. The MEE’s manifest.json file is configured using the principle of least privilege, requesting only the specific, minimal permissions required to function.

Host Permissions: The extension's execution is strictly scoped to the exact URLs necessary for operation. It remains dormant and cannot execute scripts on unapproved external websites or internal company intranets.

Active Tab and Scripting: Permissions are utilized exclusively to inject the necessary user interface enhancements into the active working session, with no background scraping capabilities.

5. Secure Development and Auditing

Nova Vertex Sdn Bhd is committed to maintaining a secure development lifecycle to protect against vulnerabilities.

Code Integrity: The extension code is heavily vetted for common web vulnerabilities (such as XSS or injection flaws) before release.

Open to Audit: We welcome independent security reviews. We are prepared to provide source code access under a Non-Disclosure Agreement (NDA) to your internal IT security teams for comprehensive auditing prior to deployment.

Sandboxed Piloting: We support and encourage initial deployments in a controlled staging or training environment. This allows network administrators to monitor traffic and independently verify that the MEE does not initiate outbound data connections.

6. Conclusion

The Merimen Enhancement Extension is built to empower claims professionals while fully respecting the strict security boundaries established by insurers. By keeping all processing local and requesting minimal permissions, Nova Vertex Sdn Bhd ensures that utilizing the MEE introduces no additional risk to your existing IT infrastructure or data governance policies.