Security & Compliance
Enterprise-grade security built into every layer of the platform. Your data and your customers' data are always protected.
256-bit Encryption
All data in transit and at rest is protected with AES-256 encryption, the same standard used by banks and government agencies.
PCI DSS Level 1
We maintain the highest level of PCI DSS compliance. Card data never touches our servers — it is tokenized at the point of entry.
SOC 2 Type II
Our infrastructure and processes are audited annually by independent third parties to verify security, availability, and confidentiality controls.
Plaid Verified
Bank account linking is handled entirely by Plaid, a trusted financial data network used by major institutions. We never store banking credentials.
Webhook Verification
All incoming and outgoing webhooks are signed with HMAC-SHA256 to ensure authenticity and prevent tampering or replay attacks.
Rate Limiting
API endpoints are protected with adaptive rate limiting and anomaly detection to prevent abuse, brute force, and denial-of-service attacks.
Security concerns?
If you have discovered a vulnerability or have a security question, please reach out to our security team directly.
Report a Security Issue