Security

Precise claims. No buzzwords.

We publish exactly what protections exist today and what is planned — and we do not claim certifications we do not hold.

In place today

  • All connections encrypted in transit with HTTPS/TLS
  • Passwordless merchant login (mobile OTP)
  • Role-separated super-admin portal with login rate-limiting and lockout
  • Session expiry and audit logging of administrative actions
  • Daily database persistence with server-side backups
  • Your data is never sold; see Privacy Policy

Planned before national launch

  • Two-factor authentication for super-admins
  • Encrypted off-site backup rotation with restore drills
  • Independent security review before national launch

Questions about data ownership or export?