Merge vs. Unified.to: A 2026 Comparison for SaaS and AI Teams
April 9, 2025
Updated May 2026
Merge and Unified.to are unified API platforms with different architectures. Merge syncs and stores customer data to serve cached reads. Unified.to routes every request directly to the source API and stores no customer data. This post compares the two across architecture, pricing, security, feature availability, and offboarding — using each platform's own published documentation as the source.
TL;DR — Merge vs. Unified.to
| Dimension | Merge | Unified.to |
|---|---|---|
| Architecture | Sync-and-cache: scheduled syncs into Merge's database | Pass-through: every request executes against the source API live |
| Coverage | ~220 integrations, 6–7 main categories | 446+ integrations, 27 categories |
| Read latency | Sub-100ms from local cache | Typically 800ms–1.5s per source-API round-trip |
| Customer data storage | Stored indefinitely until manually deleted | Not stored at rest |
| Pricing model | Per linked account ($650/mo for 10, $65 each beyond on Launch) | Usage-based: Grow plan starts at 750,000 API calls/$750/mo, with a 30-day free trial |
| Custom fields and objects | Professional and Enterprise only | Available on every plan |
| Deletion detection (full coverage) | Premium add-on, Professional and Enterprise only | Handled at request time (no detection job needed) |
| Field-level scopes | Professional and Enterprise only | Available on every plan |
| Zero-data-retention | Destinations add-on, Professional and Enterprise only, closed beta | Default architecture |
| AI agents | Merge Agent Handler on cached data | Unified MCP on live, normalized data |
| Security certifications | SOC 2 Type II, ISO 27001, HIPAA, GDPR, CCPA, EU-US/UK/Swiss DPF | SOC 2 Type II, HIPAA, GDPR, CCPA/CPRA, PIPEDA |
| Best for | Analytics-heavy workloads, HR/ATS depth, predictable per-tenant cost | Real-time SaaS and AI products, multi-category integrations, usage-aligned cost |
How are Merge and Unified.to architected differently?
The difference is structural, not stylistic.
Merge runs scheduled syncs. Background jobs poll each connected system, normalize the data, and store it in Merge's own infrastructure (AWS, multi-tenant by default in Virginia, Stockholm, or Singapore). Your reads hit Merge's stored data. Freshness depends on sync frequency, with webhooks layered on top to notify your application when data changes.
Unified.to is pass-through. Every API call routes directly to the source system at request time. The response streams back to your application without being cached or stored. For event-driven flows, Unified pairs native webhooks (where providers support them) with virtual webhooks (managed polling that emits only on detected change).
This architectural fork drives the latency trade-off. According to Unified's own documentation, pass-through latency is typically 800ms–1.5s per request — the time of a full source-API round-trip plus the network path. Sync-and-cache models can deliver sub-100ms reads from a local cache. Both are valid trade-offs against different priorities. For a deeper architectural breakdown, see Pass-Through vs. Sync-Based Unified APIs.
Pass-through is the right choice when your application requires current data on every read, when compliance benefits from minimizing stored customer data, or when write operations need immediate confirmation at the source. Sync-and-cache is the right choice when read patterns tolerate minutes-to-hours of staleness, when applications need sub-100ms reads, or when high-volume historical analytics would be expensive against live source APIs.
What categories and integrations does each support?
Unified.to supports 446+ integrations across 27 categories, including HR, ATS, CRM, accounting, file storage, marketing automation, messaging, calendaring, ticketing, enrichment, and AI tooling.
Merge supports approximately 220 integrations concentrated in 6–7 main categories: HRIS, ATS, CRM, ticketing, accounting, file storage, and knowledge base.
Merge has historically focused on HRIS and ATS as core categories. Independent reviews consistently describe HRIS as Merge's deepest area, with HR-specific endpoints and documentation around use cases like training AI on HRIS data and retrieving payroll runs. If your product is exclusively HR analytics or payroll intelligence, Merge's HRIS track record is worth evaluating against Unified's. If HR is one of several categories your product needs to connect, Unified.to's breadth and pass-through architecture is more compelling.
How is Merge priced compared to Unified.to?
Merge prices per linked account. Each integration each customer connects counts as a billable unit. From Merge's published pricing as of May 2026:
- Launch (self-serve): Free for the first 3 production linked accounts, $650/month for up to 10, $65/month per additional linked account
- Professional: Contract-based pricing
- Enterprise: Contract-based pricing
Worked examples on the Launch plan:
| Linked accounts | Monthly cost |
|---|---|
| 10 | $650 |
| 50 | $3,250 |
| 100 | $6,500 |
| 200 | $13,000 |
| For Professional, Merge's AWS Marketplace listing offers a 12-month bundle at $25,000 for 20 linked accounts with daily sync — roughly $104/account/month, before negotiated discounts. Above Launch, both Professional and Enterprise are sold on contract-based pricing with capacity-based bundles, not pure pay-as-you-go billing. |
Unified.to prices on usage across all customers and all integrations. Plans start with a 30-day free trial, then move to:
- Grow: 750,000 monthly API calls for $750/month, with $1.00 per 1,000 overage calls
- Scale: 6,000,000 monthly API calls, with $0.50 per 1,000 overage calls (contact for pricing)
- Enterprise: Custom, including single-tenant and dedicated cloud options
A read of up to 100 records counts as one API call. Webhooks bill only when data changes, not on empty checks. Unlimited customer connections are included on every plan.
The two models optimize for different growth patterns. Per-account pricing is predictable when you have a small number of customers using integrations heavily. Usage-based pricing scales better when you have many customers with moderate use, when you support a free tier, or when integrations are broadly adopted across your customer base. For a deeper breakdown of how each model behaves at scale, see Usage-Based vs Per-Connection Pricing for Integrations.
What features are available on each Merge plan?
Several capabilities buyers often expect by default are gated to Merge's Professional or Enterprise tiers. From Merge's published pricing page and documentation:
| Feature | Launch | Professional | Enterprise |
|---|---|---|---|
| Common models (standardized data) | ✓ | ✓ | ✓ |
| Basic webhooks and observability | ✓ | ✓ | ✓ |
| Custom fields and custom objects | — | ✓ | ✓ |
| Field mappings (incl. via API) | — | ✓ | ✓ |
| Field-level scopes for data minimization | Basic only | ✓ | User-configurable |
| Full-coverage deletion detection | — | Premium add-on | Premium add-on |
| Destinations (bring-your-own-storage) | — | Closed beta | Closed beta |
| Selective sync filters (timestamp, custom) | Default only | ✓ | ✓ |
| Rate limit (requests per minute) | 100 | 400 | 600 |
| Log retention | 3 days | 30 days | 90+ days |
| Sandboxes / test linked accounts | Limited | Unlimited | Unlimited |
| SAML SSO | — | — | ✓ |
| Audit Trail | — | — | ✓ |
| Single-tenant / self-hosted deployment | — | — | Available for purchase |
| Sources: Merge's pricing page; Merge's data encryption and storing standards documentation; Merge's Destinations announcement. |
On Unified.to, custom fields, custom objects, field-level scopes, and zero-data-retention are part of the architecture, not tier-gated features. Available on every plan.
How does each platform handle customer data?
Merge stores end-customer data and credentials by default. From Merge's own data encryption and storing standards documentation: synced data and credentials are stored indefinitely in Merge's infrastructure until actively deleted by the Merge customer. Data is hosted in AWS (Virginia, Stockholm, or Singapore by default) and encrypted at rest with AES-256, with additional application-level encryption on PII fields. Deletion requires explicit action — either calling Merge's delete-account endpoint per category, deleting linked accounts via the dashboard, or invoking a data deletion request.
Merge offers a zero-data-retention path through Destinations, which streams normalized data into your own database (Postgres, Snowflake, S3, BigQuery, and others supported) instead of Merge's primary database. Two important caveats: Destinations is in closed beta and is only available on Professional or Enterprise plans, not on Launch. And Merge still ingests, processes, and normalizes data in its own infrastructure before streaming it to your database — Destinations changes where data is stored long-term, not whether Merge processes it.
Unified.to does not store end-customer data at rest. Each request fetches data from the source API and streams the response back to your application. Only minimal operational metadata (IDs, timestamps) is encrypted and retained. OAuth credentials and end-customer API tokens can optionally be stored in your own AWS Secrets Manager, Google Cloud, Azure, or HashiCorp Vault rather than on Unified's infrastructure. See Unified.to's security page for details.
What happens at offboarding?
Offboarding looks different on each platform because data persistence is different.
Leaving Merge requires more than ending the commercial agreement. Because synced data and credentials are stored indefinitely until manually deleted, customers must explicitly:
- Call the per-category
delete-accountendpoint (POST https://api.merge.dev/api/{category}/v1/delete-account) for each linked account, or delete each account through the dashboard - Invoke data deletion requests where applicable
- Rotate or revoke org-level access keys
Without these steps, Merge continues to hold synced data and credentials after billing has stopped. This is documented in Merge's own GDPR materials, which note that data is retained until you delete linked accounts or request deletion.
Leaving Unified.to is largely about contract termination and token rotation. Because Unified does not store end-customer data, there is no synced dataset to extract or delete. Per Unified's GDPR documentation: end-customers do not need to request deletion from Unified, since no data is stored on Unified's resources.
For buyers, this is a real consideration. Lock-in on a sync-and-cache platform extends beyond integration logic into the data and credentials held in the platform itself.
How does each platform support AI agents and MCP?
Both Merge and Unified.to support agent tool-calling. The architectural difference between them shapes what the agent sees.
Merge Agent Handler sits on Merge's sync-and-cache data layer. Tools registered with the agent operate on whatever was last synced from the source system.
Unified MCP is an MCP server that provides Unified's normalized objects to MCP-compatible clients (Anthropic, OpenAI, Google Gemini, Cohere, and others). Tool calls execute against the live source API at request time. Workday is one of 446+ integrations exposed through the same MCP URL, with connection-scoped permissions and tool filtering.
For applications where current state matters — AI assistants reasoning about real-time customer context, copilots executing actions, agents performing writes that need immediate source-side confirmation — Unified MCP's pass-through reads avoid the staleness window that comes with sync-based architectures.
What are the security and compliance postures?
Both platforms run on AWS with encryption at rest (AES-256) and in transit (TLS 1.2+).
| Merge | Unified.to | |
|---|---|---|
| SOC 2 Type II | ✓ | ✓ |
| ISO 27001 | ✓ | — |
| HIPAA | ✓ (with BAAs) | ✓ |
| GDPR | ✓ | ✓ |
| CCPA / CPRA | ✓ | ✓ |
| PIPEDA | — | ✓ |
| EU-US / UK / Swiss DPF | ✓ | — |
| SAML SSO | Enterprise tier only | Scale tier and above |
| Single-tenant deployment | Enterprise add-on | Enterprise tier (single tenant / private cloud / dedicated cloud / on-prem) |
| IP allowlisting | — | ✓ |
| Customer-managed secrets | — | Scale tier and above (AWS, GCP, Azure, HashiCorp Vault) |
| Annual third-party penetration testing | ✓ | ✓ |
| Merge has the broader cert list, including ISO 27001 and Data Privacy Framework participation. Unified.to's no-storage architecture removes end-customer PII persistence from its environment, which materially reduces audit scope on the Unified side. Both can support an enterprise security review; the architectures shape what that review has to cover. |
What does the developer experience look like?
Merge offers polished documentation, sandboxes on higher tiers, dashboards, automatic issue detection, and searchable logs. Reviewers consistently describe Merge's documentation and observability as strengths.
Unified.to offers 7 auto-generated, version-aware SDKs, prebuilt auth components for major frameworks, consistent pagination and error handling across vendors, and developer tooling including call logs, test calls, and virtual webhook configuration. Hands-on support is included on every plan, including the trial.
G2 ratings as of January 2026: Unified.to maintains a 5.0 rating; Merge has more reviews from a longer tenure on the platform. The themes overlap: support quality, integration breadth, and developer experience are praised on both. Merge reviewers occasionally cite cost as a concern at scale; Unified reviewers occasionally request more documentation examples and note ongoing integration expansion.
Should you choose Merge or Unified.to?
Choose Merge if:
- Your core workload is HR analytics or payroll intelligence, where Merge's HRIS depth has the longest track record
- Your read patterns tolerate sync-bound freshness (minutes to hours of staleness)
- Your buyer profile is small and customers use integrations heavily, making per-account pricing predictable
- Your compliance review accommodates a unified API vendor as a data sub-processor storing customer data at rest
Choose Unified.to if:
- Your product depends on real-time data from source APIs (AI assistants, copilots, live dashboards, customer-facing flows)
- You need integration coverage across multiple categories beyond HR and ATS
- You want to avoid storing customer data in a third-party integration layer
- Your unit economics work better with usage-based pricing across many customers
- You want features like custom objects, field-level scopes, and zero-data-retention on every plan rather than gated to higher tiers
Key takeaways
- Merge uses a sync-and-cache model. Unified.to uses pass-through.
- Merge prices per linked account starting at $650/mo for 10 accounts. Unified.to prices on usage starting at $750/mo for 750,000 API calls on the Grow plan, with a 30-day free trial.
- Custom fields, custom objects, full-coverage deletion detection, field-level scopes, Destinations, SAML SSO, and Audit Trail are gated to Professional or Enterprise on Merge. They are available on every plan or part of the architecture on Unified.to.
- Merge stores end-customer data and credentials indefinitely until manually deleted. Unified.to stores no end-customer data at rest.
- Pass-through latency is typically 800ms–1.5s. Cached reads can be sub-100ms. The right choice depends on whether your application needs current data or fast cached access.
- Both platforms hold SOC 2 Type II, HIPAA, GDPR, and CCPA. Merge adds ISO 27001 and DPF participation. Unified.to adds PIPEDA and the architectural advantage of no PII persistence.
Start your free 30-day trial or talk to our team to see Unified.to in production.