Security isn't a feature. It's the foundation.
Your customers trust you with their money. You trust us with theirs. We take that responsibility seriously, and we built JidoPay with security baked into every layer.
Four pillars of security.
Defense in depth
Every layer of our platform — from the database to the browser — has its own security controls. A breach in one layer doesn't compromise the others.
Zero trust by default
Every request is verified, every action is authenticated, every privilege is explicit. Nothing is trusted just because it's internal.
Never touch sensitive data
Card details, bank credentials, and identity documents never pass through our servers. They go directly to our certified payment infrastructure partners.
Continuous auditing
Every financial action is logged with immutable audit trails. Every code change is reviewed. Every deploy is tracked.
How we protect your data.
Every piece of infrastructure is chosen for security first, convenience second.
End-to-end encryption
All data is encrypted in transit using TLS 1.3 and at rest using AES-256. Encryption keys are rotated regularly and stored in hardware security modules.
Multi-factor authentication
MFA is available on every account and can be required for your entire team. We support authenticator apps, SMS, and hardware security keys.
Rate limiting & abuse protection
Every endpoint is protected against abuse with intelligent rate limiting. Suspicious patterns are automatically blocked and flagged for review.
Webhook signature verification
Every payment event is cryptographically signed and verified. Replays, forgeries, and tampering are detected and rejected.
Row-level data isolation
Your business data is logically isolated from every other merchant. No query, no API call, no code path can return another merchant's information.
Automated vulnerability scanning
Dependencies are scanned continuously for known vulnerabilities. Critical patches are deployed within hours of discovery.
Certified and compliant.
PCI DSS
Payment Card Industry Data Security Standard
SOC 2 aligned
Systems & Organization Controls
GDPR ready
European data protection compliance
Found a security issue?
We take all reports seriously and respond within 24 hours. Please reach out privately so we can investigate and patch before public disclosure.
Responsible disclosure