Security is not a feature we bolted on later. It is the frame the whole platform sits inside. Card data is tokenized and never stored in the clear, every byte is encrypted moving and at rest, and access is locked down with passkeys and least privilege. Here is exactly how we protect your money and your customers.
Each one is a real control with a real owner, not a line on a slide. Together they cover the card, the connection, the account, and the trail everything leaves behind.
Card handling is built to the current Payment Card Industry standard. We validate as a SAQ-A merchant, the card number is tokenized on the way in, and the PAN is never written to our stores in the clear.
Segmented cardholder data environmentEverything on disk is sealed with AES-256, and everything on the wire rides TLS 1.3. Keys live in a hardware security module and rotate on a set cycle, so a stolen backup just reads as noise.
HSM-backed key rotationBack a password with an authenticator app or a security key, or drop it entirely with a passkey. Passkeys are bound to your device, so they cannot be phished, replayed, or handed over by mistake.
WebAuthn and FIDO2A web application firewall sits in front of every request, and a bot layer sorts real people from scripts. Credential stuffing, injection, and volumetric abuse get stopped at the edge before they reach an account.
Rate limits and risk challengesEvery sign-in, role change, payout, and API call writes a record you cannot quietly rewrite. See who did what and when, export it, or stream it straight into your own SIEM.
Tamper-evident and exportableMoney moves as balanced double-entry postings, and each entry is chained to the one before it with a cryptographic hash. Change a single historical row and the chain breaks, so the books cannot be edited behind your back.
Every entry links to the lastData is protected from the moment a request leaves the browser to the second it settles on disk, and every stage in between. We do not roll our own crypto. We use well known ciphers, current TLS, and a hardware security module to hold the keys nobody should ever touch by hand.
TLS 1.3 with strong cipher suites and HSTS. Older protocols are turned off, not just discouraged.
AES-256 on databases, backups, and file storage. A lost drive gives up nothing readable.
Keys are generated and stored in an HSM, scoped by service, and rotated on a fixed schedule.
Payment details captured in a sealed field, never exposed to your page.
Every request is inspected, filtered, and rate limited before it reaches the core.
The card number is swapped for a token. The real PAN goes to the vault, not the app.
Written to disk sealed with AES-256, with keys held in the HSM.
Each block carries the hash of the one before it. Rewrite history and the chain stops matching.
Under the hood, money moves as double-entry accounting. Every transaction is two balanced postings, so totals always reconcile. On top of that, each entry is linked to the one before it with a cryptographic hash, which means the history is append-only in the truest sense. You can trust the number because you can prove nobody changed it.
Every movement is a debit and a matching credit. The books net to zero, so money cannot appear or vanish.
Each entry carries the hash of the entry before it. Alter one historical row and every hash downstream stops matching.
Balances are recomputed and checked against the chain around the clock, not in a month-end scramble.
Passwords alone are weak, so we back them with a second factor and offer passkeys that skip the password altogether. Inside an account, every teammate gets only the access their role needs, and sensitive actions ask for a fresh check. Odd sign-ins get challenged automatically.
WebAuthn passkeys, security keys, and authenticator apps. SMS is the fallback, not the default.
Owner, admin, developer, support, and finance roles, each scoped to least privilege.
A new device, a new country, or an odd hour triggers a step-up prompt before we let it through.
Passkey on this device matched the account. No password typed.
Known device, trusted for 30 days, matching fingerprint.
Sign-in from Edmonton, the same region as recent activity.
Large transfer requested. Step-up confirmation asked for.
Finance role only. Developer and admin surfaces stay hidden.
Our own word is not enough, and we know it. These are the standards we hold ourselves to and the outside reviews that check we actually do. We share reports with partners under NDA.
Card handling is assessed against the current v4.0.1 standard, with a scoped cardholder data environment and yearly re-validation.
Attestation of complianceAn independent auditor is testing our security, availability, and confidentiality controls across an observation window. The Type II report lands this year.
Request the reportAn ISO 27001 management system is on the roadmap. We are lining up the controls now, and the external certification audit sits in a later phase.
See the roadmapGood security researchers make us better, so we treat them as partners, not threats. Report a real issue in good faith and we will confirm we got it fast, keep you posted while we fix it, and credit you if you want the credit. Test against your own accounts, avoid data that is not yours, and give us a reasonable window before you go public.
Email [email protected] with steps to reproduce and the impact you see. Encrypt it with our PGP key if you like.
You hear back within one business day that a real person has the report and is looking into it.
We confirm the issue, rank the severity, and work a fix. You get status updates the whole way through.
Once it is patched and verified, we let you know, and we credit you publicly if you want the recognition.
Start with tokenized cards, encryption, and passkeys on day one. No extra setup, no extra fee.