Security-first Infrastructure
Built with ISO 27001 security controls in mind. Encryption at rest and transit. Role-based access. Full audit trail on every transaction.
Encryption at Rest & Transit
All customer data is encrypted at rest using AES-256. All data in transit uses TLS 1.3. API credentials are stored using one-way hashing — not retrievable after creation.
Role-Based Access Control
Granular RBAC across all platform interfaces. API keys scoped by permission level (read-only, payout-initiation, admin). Team access audited quarterly.
Immutable Audit Trail
Every API action, payout, conversion, and balance change is logged with timestamp, actor, and before/after state. Logs are immutable and retained for 7 years per MAS guidelines.
Penetration Testing
Infrastructure and API are subject to penetration testing by an independent third party. Built with ISO 27001 security management controls in mind. Findings remediated on defined timelines.
Security questions? Talk to our CTO.
We're happy to walk enterprise customers through our security architecture during the technical assessment call.