Security
Precise claims. No buzzwords.
We publish exactly what protections exist today and what is planned — and we do not claim certifications we do not hold.
In place today
- All connections encrypted in transit with HTTPS/TLS
- Passwordless merchant login (mobile OTP)
- Role-separated super-admin portal with login rate-limiting and lockout
- Session expiry and audit logging of administrative actions
- Daily database persistence with server-side backups
- Your data is never sold; see Privacy Policy
Planned before national launch
- Two-factor authentication for super-admins
- Encrypted off-site backup rotation with restore drills
- Independent security review before national launch