Security
Your security is our priority
PayDirect is built with security at every layer. Here's exactly how we protect your business and your clients' data.
Encryption everywhere
All data is encrypted in transit using TLS 1.2+ and at rest using AES-256. API keys and secrets are never stored in plain text.
Role-based access control
Granular permissions let you control exactly what each team member can see and do. Sensitive actions require explicit authorisation.
Audit logging
Every payment event, status change, and administrative action is recorded with a timestamp and actor ID. Nothing happens silently.
Secure infrastructure
PayDirect runs on hardened cloud infrastructure with automatic scaling, DDoS mitigation, and regular vulnerability scanning.
Session management
Sessions expire automatically after inactivity. Users can revoke all active sessions at any time. CSRF tokens protect every state-changing request.
Compliance-ready
PayDirect is designed to support PCI DSS compliance requirements. Sensitive card data is handled by certified payment processors — never stored on our servers.
How we operate
Security practices
Data minimisation
We only collect and retain data that is necessary to deliver the service. Payment card data is tokenised by our payment processor and never touches PayDirect servers.
Penetration testing
We conduct regular third-party security assessments and address findings before they reach production.
Dependency management
Dependencies are monitored continuously for known vulnerabilities. Critical patches are applied within 24 hours of disclosure.
Incident response
We maintain a documented incident response plan. In the event of a breach affecting your data, we will notify you within 72 hours as required by applicable data protection law.
Employee access
Access to production systems is restricted to essential personnel, requires multi-factor authentication, and is reviewed quarterly.
Backups
Database backups are taken daily, encrypted, and stored in a geographically separate region. Recovery is tested regularly.
Responsible disclosure
We take vulnerability reports seriously. If you've discovered a potential security issue in PayDirect, please contact us privately so we can address it before it affects users. We commit to responding within 48 hours and keeping you informed as we work on a fix.