
Security built into every layer

Payouts.com moves money, so security isn't a feature — it's the foundation. Here's how the platform protects your data and your funds.
Security

How the platform protects you

Multi-tenant isolation, role-based access, OTP/2FA on money movement, HMAC-verified APIs, and durable audit logging — security built into every layer of the platform.

Multi-tenant data isolation

Every read and write is scoped to the authenticated tenant, so one client's data is never exposed to another.
Illustration: tenant scope is row-level. Authenticated as Acme Marketplace, only Acme Marketplace rows are in scope; Northwind Group and Helios Studios are out of scope, and cross-tenant access is blocked.
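The row-level scoping described above, as an added example (not Payouts.com's code): the tenant is fixed when the session is authenticated and bound into every statement, so a request can name any payout id and still only reach its own tenant's rows. The schema, the tenant names and the sample rows are constructed; the unscoped lookup is included only to show what the isolation prevents.

```python
import sqlite3

# Added example (not Payouts.com code): row-level tenant scoping where the
# tenant comes from the authenticated session, never from the request.
SCHEMA = """
CREATE TABLE payouts (
    id           TEXT PRIMARY KEY,
    tenant_id    TEXT NOT NULL,
    vendor       TEXT NOT NULL,
    amount_cents INTEGER NOT NULL
);
"""

# Constructed sample rows; tenant ids and vendors are hypothetical.
SAMPLE_ROWS = [
    ("p-1001", "acme", "Larkspur Ltd", 120000),
    ("p-1002", "acme", "Blue Fern", 4500),
    ("p-2001", "northwind", "Helios Logistics", 99000),
    ("p-3001", "helios", "Acme Marketplace", 100),
]


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO payouts VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def get_payout_unscoped(conn, payout_id):
    """Anti-pattern: looks up by id alone, so any tenant can read any row."""
    return conn.execute(
        "SELECT id, tenant_id, vendor, amount_cents FROM payouts WHERE id = ?",
        (payout_id,)).fetchone()


class TenantScopedPayouts:
    """Every statement carries `tenant_id = ?` bound to the authenticated tenant.
    The caller has no per-request tenant parameter to tamper with."""

    def __init__(self, conn, authenticated_tenant):
        self._conn = conn
        self._tenant = authenticated_tenant

    def get(self, payout_id):
        return self._conn.execute(
            "SELECT id, vendor, amount_cents FROM payouts "
            "WHERE id = ? AND tenant_id = ?",
            (payout_id, self._tenant)).fetchone()

    def list_ids(self):
        rows = self._conn.execute(
            "SELECT id FROM payouts WHERE tenant_id = ? ORDER BY id",
            (self._tenant,))
        return [r[0] for r in rows]

    def create(self, payout_id, vendor, amount_cents):
        # tenant_id is taken from the session, not from the request body.
        self._conn.execute(
            "INSERT INTO payouts VALUES (?, ?, ?, ?)",
            (payout_id, self._tenant, vendor, amount_cents))
        return self.get(payout_id)

    def update_amount(self, payout_id, amount_cents):
        # rowcount is 0 when the id exists but belongs to another tenant.
        cur = self._conn.execute(
            "UPDATE payouts SET amount_cents = ? WHERE id = ? AND tenant_id = ?",
            (amount_cents, payout_id, self._tenant))
        return cur.rowcount


if __name__ == "__main__":
    db = open_db()
    acme = TenantScopedPayouts(db, "acme")
    print("unscoped lookup leaks:", get_payout_unscoped(db, "p-2001"))
    print("scoped lookup:", acme.get("p-2001"))
    print("scoped list:", acme.list_ids())
    print("cross-tenant update rows:", acme.update_amount("p-2001", 1))
```

The point to check in a real code base is that no query path exists without the tenant predicate, which is why the scoped repository never accepts a tenant argument per call.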

Role-based access control

Granular roles across the admin, vendor, agent, sub-client, and employee surfaces keep every action scoped to the permissions of the caller's role.
Illustration: access matrix for the Admin role (scoped; every action is checked against the role, enforced):
  • View ledger
  • Approve payout
  • Release funds
  • Manage roles

OTP/2FA on money movement

Two-factor gates are required on money movement and on enabling auto-pay rules, so no payment leaves without a verified sign-off.
Illustration: payout gate with 2FA required. Releasing a payout to vendor Larkspur Ltd (SEPA, EUR): awaiting verification, then released. Released without 2FA: 0.
Separation of duties

Designed for separation of duties

The three-gate payout lifecycle enforces "four eyes" — approval, authorization, and execution are separate permissions with separate audit trails — so no single person can move money alone.
  • Approval
  • Authorization
  • Execution
  • Audit trail logged
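The three-gate lifecycle, the role check, the 2FA gate on release and the audit trail described above, combined in one added example (not Payouts.com's code). Each gate needs its own permission, the same user may not pass two gates on the same payout, execution fails closed without a correct one-time code, and every attempt, denied or not, is appended to an audit log that records actor, tenant, action and result but never the code itself. The permission names, the `otp_expected` argument standing in for the OTP verifier, and the users are constructed.

```python
import hmac
from dataclasses import dataclass, field

# Added example (not Payouts.com code): three-gate payout lifecycle with
# distinct actors per gate, an OTP check on execution, and an append-only
# audit trail that never records the OTP itself.
GATES = ("approve", "authorize", "execute")
GATE_PERMISSION = {
    "approve": "payout:approve",
    "authorize": "payout:authorize",
    "execute": "payout:execute",
}


@dataclass(frozen=True)
class Actor:
    user: str
    tenant: str
    permissions: frozenset


@dataclass
class Payout:
    payout_id: str
    tenant: str
    amount: str
    currency: str
    passed: dict = field(default_factory=dict)   # gate -> user who passed it


class AuditLog:
    """Append-only: entries can be added and read, never edited or removed."""

    def __init__(self):
        self._entries = []

    def record(self, actor, action, result, **detail):
        self._entries.append({"actor": actor.user, "tenant": actor.tenant,
                              "action": action, "result": result, **detail})

    def entries(self):
        return tuple(dict(e) for e in self._entries)


def pass_gate(payout, gate, actor, audit, otp=None, otp_expected=None):
    """Advance `payout` through `gate`; returns (ok, reason). `otp_expected`
    stands in for whatever the OTP verifier holds (hypothetical, no real TOTP)."""
    def deny(reason):
        audit.record(actor, f"payout.{gate}", "denied",
                     payout_id=payout.payout_id, reason=reason)
        return False, reason

    done = len(payout.passed)
    next_gate = GATES[done] if done < len(GATES) else None
    if gate != next_gate:
        return deny("out of order")
    if actor.tenant != payout.tenant:
        return deny("cross-tenant")
    if GATE_PERMISSION[gate] not in actor.permissions:
        return deny("missing permission")
    if actor.user in payout.passed.values():
        return deny("separation of duties: actor already passed a gate")
    if gate == "execute":
        # 2FA gate on money movement: a missing or wrong code fails closed,
        # and the code is compared in constant time and never logged.
        if not otp or not otp_expected or not hmac.compare_digest(
                otp.encode(), otp_expected.encode()):
            return deny("2fa failed")
    payout.passed[gate] = actor.user
    audit.record(actor, f"payout.{gate}", "ok", payout_id=payout.payout_id)
    return True, "ok"


def run_demo():
    """Constructed lifecycle: three distinct users move one payout to execution."""
    audit = AuditLog()
    payout = Payout("p-1001", "acme", "1200.00", "EUR")
    approver = Actor("approver@acme", "acme",
                     frozenset({"payout:approve", "payout:authorize"}))
    auditor = Actor("auditor@acme", "acme", frozenset({"ledger:view"}))
    authorizer = Actor("finance@acme", "acme", frozenset({"payout:authorize"}))
    executor = Actor("ops@acme", "acme", frozenset({"payout:execute"}))
    results = [
        pass_gate(payout, "execute", executor, audit, "123456", "123456"),  # out of order
        pass_gate(payout, "approve", approver, audit),
        pass_gate(payout, "authorize", approver, audit),    # same user, second gate
        pass_gate(payout, "authorize", auditor, audit),     # wrong permission
        pass_gate(payout, "authorize", authorizer, audit),
        pass_gate(payout, "execute", executor, audit),      # no OTP supplied
        pass_gate(payout, "execute", executor, audit, "000000", "123456"),  # wrong OTP
        pass_gate(payout, "execute", executor, audit, "123456", "123456"),
    ]
    return payout, audit, results


if __name__ == "__main__":
    _, audit, results = run_demo()
    for r in results:
        print(r)
    for e in audit.entries():
        print(e)
```

Note that the approver holds the `payout:authorize` permission and is still refused at the second gate: separation of duties is enforced per payout on the actor, not only through the role.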
What you get

Protection at every layer, every action.

HMAC-verified APIs, hardened API keys, durable audit logging, and secret protection — controls that guard every request and every payment.

HMAC-verified APIs & webhooks

Agent/API and webhook surfaces verify HMAC signatures on every request and fail closed: when the signature or the signing secret is missing, the request is rejected rather than the check being skipped.
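The fail-closed HMAC verification described above (and restated in the FAQ below), as an added example that is not Payouts.com's code. The header names, the canonical string that binds timestamp, method, path and body, the SHA-256 choice and the 300-second replay window are assumptions; the platform's actual scheme is not documented on this page. The secret and the request body are constructed.

```python
import hashlib
import hmac
import time

# Added example (not Payouts.com code): HMAC verification for an inbound API
# request or outbound webhook delivery. Header names, the canonical string and
# the 300-second replay window are assumptions, not the platform's scheme.
SIGNATURE_HEADER = "X-Signature"
TIMESTAMP_HEADER = "X-Timestamp"
MAX_SKEW_SECONDS = 300


def canonical_string(timestamp, method, path, body):
    """Bind timestamp, method, path and body into the signed message so that
    none of them can be swapped without invalidating the signature."""
    return b"\n".join([timestamp.encode(), method.upper().encode(),
                       path.encode(), body])


def sign(secret, timestamp, method, path, body):
    msg = canonical_string(timestamp, method, path, body)
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify_request(secret, headers, method, path, body, now=None):
    """Fail closed: return (False, reason) whenever anything needed to verify
    is missing or wrong; never skip the check because material is absent."""
    if not secret:
        return False, "no signing secret configured"
    provided = headers.get(SIGNATURE_HEADER)
    timestamp = headers.get(TIMESTAMP_HEADER)
    if not provided or not timestamp:
        return False, "missing signature or timestamp"
    try:
        ts = int(timestamp)
    except ValueError:
        return False, "malformed timestamp"
    now = int(time.time()) if now is None else now
    if abs(now - ts) > MAX_SKEW_SECONDS:
        return False, "timestamp outside replay window"
    expected = sign(secret, timestamp, method, path, body)
    # compare_digest takes time independent of how many leading bytes match,
    # so an attacker cannot recover the correct signature one byte at a time.
    if not hmac.compare_digest(expected.encode(), provided.encode()):
        return False, "signature mismatch"
    return True, "ok"


if __name__ == "__main__":
    secret = b"constructed-demo-secret"
    ts = "1700000000"
    body = b'{"payout_id":"p-1001","amount":"1200.00","currency":"EUR"}'
    headers = {SIGNATURE_HEADER: sign(secret, ts, "POST", "/v1/payouts", body),
               TIMESTAMP_HEADER: ts}
    print(verify_request(secret, headers, "POST", "/v1/payouts", body, now=1700000010))
    print(verify_request(secret, headers, "POST", "/v1/payouts", body + b" ", now=1700000010))
    print(verify_request(secret, {TIMESTAMP_HEADER: ts}, "POST", "/v1/payouts", body, now=1700000010))
    print(verify_request(None, headers, "POST", "/v1/payouts", body, now=1700000010))
```

The ordering matters: the secret and header presence are checked before any cryptography, and the timestamp window is checked before the signature so that a replayed but validly signed message is still refused.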

API key hardening

Per-key scopes, expiry, IP allow-lists, and rate limits, with tighter limits on OTP and token endpoints.
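The per-key controls listed above, as an added example that is not Payouts.com's code: a key record carrying scopes, an expiry, a CIDR allow-list and a revocation flag, checked together with a per-key rate limit that applies a tighter bucket to OTP and token paths. The limits, the path prefixes, the check order and the key record itself are constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# Added example (not Payouts.com code): per-key policy checks run before any
# handler executes. Limits, prefixes and the key record are constructed.
WINDOW_SECONDS = 60
DEFAULT_LIMIT = 100          # requests per key per window
TIGHT_LIMIT = 5              # for OTP and token endpoints
TIGHT_PREFIXES = ("/v1/otp", "/v1/token")


@dataclass(frozen=True)
class ApiKey:
    key_id: str
    tenant: str
    scopes: frozenset
    expires_at: int           # unix seconds
    allowed_cidrs: tuple      # empty tuple means the key is usable from nowhere
    revoked: bool = False


class RateLimiter:
    """Fixed-window counter per key; OTP/token paths get their own, tighter bucket."""

    def __init__(self):
        self._counts = defaultdict(int)

    def allow(self, key_id, path, now):
        tight = path.startswith(TIGHT_PREFIXES)
        limit = TIGHT_LIMIT if tight else DEFAULT_LIMIT
        slot = (key_id, tight, now // WINDOW_SECONDS)
        self._counts[slot] += 1    # every attempt counts, including ones denied later
        return self._counts[slot] <= limit


def ip_allowed(client_ip, cidrs):
    """Deny on unparsable input; allow only if some listed network contains it."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False
    return any(addr in ipaddress.ip_network(c, strict=False) for c in cidrs)


def authorize(key, client_ip, path, required_scope, now, limiter):
    """Return (ok, reason). Rate limit first so brute force against OTP and
    token endpoints is throttled regardless of how the other checks come out."""
    if not limiter.allow(key.key_id, path, now):
        return False, "rate limited"
    if key.revoked:
        return False, "key revoked"
    if now >= key.expires_at:
        return False, "key expired"
    if not ip_allowed(client_ip, key.allowed_cidrs):
        return False, "source ip not in allow-list"
    if required_scope not in key.scopes:
        return False, f"missing scope {required_scope}"
    return True, "ok"


# Constructed key: read/write on payouts, valid for one hour from 1_700_000_000,
# usable only from the documentation range 203.0.113.0/24.
DEMO_KEY = ApiKey("key_demo", "acme", frozenset({"payouts:read", "payouts:write"}),
                  1_700_003_600, ("203.0.113.0/24",))


if __name__ == "__main__":
    lim = RateLimiter()
    now = 1_700_000_000
    print(authorize(DEMO_KEY, "203.0.113.7", "/v1/payouts", "payouts:read", now, lim))
    print(authorize(DEMO_KEY, "198.51.100.9", "/v1/payouts", "payouts:read", now, lim))
    print(authorize(DEMO_KEY, "203.0.113.7", "/v1/roles", "roles:manage", now, lim))
    for i in range(6):
        print(authorize(DEMO_KEY, "203.0.113.7", "/v1/otp/verify", "payouts:write", now + i, lim))
```

Two design choices worth keeping when adapting this: an empty allow-list denies rather than allows, and failed attempts consume the rate-limit budget, so a client cannot probe scopes or OTP codes for free.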
Controls coverage (every request):
  • Encryption in transit · TLS 1.2+
  • Encryption at rest · AES-256
  • HMAC-verified APIs & webhooks
  • OTP/2FA on money movement
Fail-closed on bad signatures: enforced
Security at a glance

Protection built into every layer

100% of money movement behind 2FA
0 secrets in version control
RBAC: least-privilege access
3 separation-of-duty gates
SOC 2 Type II · TLS 1.2+ · AES-256 · HMAC-verified

Durable audit logging

Trails record actor, tenant, action, and result — and secrets are never logged.

Secret protection

Secrets are never committed to version control; keeping them out of the repository is a standing policy, and the audit trail never records them either.
Why teams switch

Every action, logged and accounted for

Durable audit logging records the actor, tenant, action, and result for every event — and secrets are never logged. Every money movement passes an OTP/2FA gate and the three-gate lifecycle before it's released.
Illustration: audit trail entry for actor approver@acme, action "Approved payout", result "Logged"; each entry carries actor, tenant, action and result. Event types: Sign-in, Role change, Payout approved, 2FA verified, Key rotated. The audit log is append-only; secrets are never logged.
FAQ

Frequently asked questions

Everything you need to know about data isolation, access controls, two-factor authentication, API security, and our penetration-testing program.
How is one client's data kept separate from another's?
Through multi-tenant data isolation: every read and write is scoped to the authenticated tenant.
What requires two-factor authentication?
Money movement and enabling auto-pay rules require an OTP/2FA gate.
How are API keys protected?
With per-key scopes, expiry, IP allow-lists, and rate limits, plus HMAC verification that fails closed on agent/API and webhook surfaces.
Is the platform penetration-tested?
Yes — an extensive multi-phase penetration-testing program is run as part of PCI compliance.

Security: bank-grade security and compliance, by default. Encrypted in transit and at rest; data protected end to end.
Compliance: independently audited. ISO 27001, SOC 2, PCI DSS, GDPR.