Security & Trust Center

Last updated: TBD — pending review.

NexusPay is built by engineers who treat security as a product feature, not a compliance checkbox. This page summarises our public security posture. For specifics that require non-disclosure, please write to [email protected].

Encryption

  • In transit: TLS 1.2+ on all public endpoints. HSTS preloaded.
  • At rest: Postgres on encrypted block storage; daily encrypted backups.
  • Sensitive fields — provider credentials, KYB document blobs — are encrypted with AES-256-GCM using a key held only in process memory and rotated quarterly.
  • API secrets (sk_*) are stored as bcrypt hashes only.

Webhook integrity

Outbound webhooks are signed with HMAC-SHA256 and a Stripe-compatible header (X-NexusPay-Signature: t=<ts>,v1=<hex>). Signing secrets are rotatable from the dashboard.
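
A receiver-side check for the header format above, as an added example (not NexusPay's own code). It assumes the signed string is "<ts>.<raw body>", as in Stripe's scheme, and a 300-second replay window; this page states neither, and the secret, body and function names are constructed for illustration.

```python
import hashlib
import hmac
import time

TOLERANCE_SECONDS = 300  # assumption: the page does not state a replay window


def sign(raw_body: bytes, secret: bytes, ts: int) -> str:
    """Sender side: build the header value, assuming the signed string is '<ts>.<body>'."""
    mac = hmac.new(secret, str(ts).encode() + b"." + raw_body, hashlib.sha256)
    return f"t={ts},v1={mac.hexdigest()}"


def parse_header(header: str):
    """Split 't=<ts>,v1=<hex>' into (timestamp, [v1 values])."""
    ts, sigs = None, []
    for part in header.split(","):
        key, sep, value = part.strip().partition("=")
        if sep and key == "t":
            ts = value
        elif sep and key == "v1":
            sigs.append(value)  # more than one v1 entry is tolerated
    return ts, sigs


def verify(raw_body: bytes, header: str, secret: bytes, now=None,
           tolerance: int = TOLERANCE_SECONDS) -> bool:
    """Receiver side: check freshness, then compare MACs in constant time."""
    ts, sigs = parse_header(header)
    if ts is None or not ts.isascii() or not ts.isdigit() or len(ts) > 12 or not sigs:
        return False
    now = time.time() if now is None else now
    if abs(now - int(ts)) > tolerance:
        return False  # stale or future-dated: treat as a replay
    # Verify over the raw bytes received, never over re-serialised JSON.
    expected = hmac.new(secret, ts.encode() + b"." + raw_body, hashlib.sha256).hexdigest()
    return any(hmac.compare_digest(expected.encode(), s.encode()) for s in sigs)


# Constructed sample values, not real NexusPay data.
SECRET = b"constructed-signing-secret"
BODY = b'{"id":"evt_constructed","type":"payment.succeeded"}'
SENT_AT = 1700000000
HEADER = sign(BODY, SECRET, SENT_AT)

if __name__ == "__main__":
    print(verify(BODY, HEADER, SECRET, now=SENT_AT + 10))         # fresh, untouched
    print(verify(BODY + b" ", HEADER, SECRET, now=SENT_AT + 10))  # body altered
    print(verify(BODY, HEADER, SECRET, now=SENT_AT + 3600))       # replayed later
```

Reject the request before any JSON parsing or side effects when verify() returns False.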

Access control

  • Admin accounts are role-scoped (superadmin, ops, readonly).
  • Two-factor authentication available on admin and merchant accounts.
  • Idempotency keys on payment-creation prevent duplicate charges (24 h TTL).
  • Test keys cannot touch live data, and vice versa (hard-enforced at the auth layer).

Operational security

  • Audit log captures all admin actions; entries are tamper-evident.
  • Daily off-site encrypted backups with quarterly restore drills.
  • Dependency vulnerabilities tracked via Dependabot.

Vulnerability disclosure

We welcome responsible security research. Please email [email protected] with reproduction steps. Please do not test against live merchant data and do not publicly disclose findings before we have had a reasonable opportunity to respond.

Bug bounty

A formal bug-bounty program is in development. We currently recognise high-impact reports with goodwill payments at our discretion.

Subprocessors

The current list of subprocessors and the data they receive is available on request from [email protected].