Security

Controls for money movement.

Sole Pay protects account access, payment workflows, webhook processing, and compliance records with layered operational controls.

Platform controls

These are the practical controls used across the current Sole Pay stack and product direction.

Access

Account protection

Email/password accounts require activation before login. Google accounts use verified OAuth email. Sessions are signed and stored in secure cookies.

Secrets

Secret handling

Production API credentials are stored in Google Secret Manager and injected into Cloud Run at runtime instead of being committed to the codebase.

Database

Transaction records

Orders, webhook events, contact submissions, authentication events, and user records are stored in Postgres for support and reconciliation.

Payment and webhook security

Payment integrations need replay-safe handling, reliable acknowledgements, and visible records for investigation.

Webhook validation

  • Capture raw callback payloads.
  • Validate signatures where provider signatures are available.
  • Return success after storing the event to prevent unnecessary retries.
  • Keep a timeline of order updates and event payloads.
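
An added sketch of the four steps above, not Sole Pay's own code. It assumes a provider that signs the raw body with hex HMAC-SHA256 under a shared secret and sends a unique `id` per event; the secret, table, and field names are hypothetical, and in-memory SQLite stands in for Postgres.

```python
import hashlib
import hmac
import json
import sqlite3

# Assumed scheme: hex HMAC-SHA256 of the raw body under a shared secret.
SECRET = b"constructed-test-secret"  # placeholder, not a real credential

def open_store():
    db = sqlite3.connect(":memory:")  # stands in for the Postgres event table
    db.execute("""CREATE TABLE webhook_events (
        event_id TEXT PRIMARY KEY, order_id TEXT, raw BLOB,
        received_at TEXT DEFAULT CURRENT_TIMESTAMP)""")
    return db

def sign(raw: bytes, secret: bytes = SECRET) -> str:
    return hmac.new(secret, raw, hashlib.sha256).hexdigest()

def handle_webhook(db, raw: bytes, signature: str):
    """Return (http_status, outcome) for one callback."""
    # Verify over the exact bytes received, before any JSON parsing,
    # using a constant-time comparison.
    expected = sign(raw).encode()
    if not hmac.compare_digest(expected, (signature or "").encode()):
        return 401, "bad_signature"
    try:
        event = json.loads(raw)
        event_id = str(event["id"])
        order_id = str(event.get("order_id", ""))
    except (ValueError, KeyError, TypeError, AttributeError):
        return 400, "malformed"
    try:
        with db:  # commit the raw payload before acknowledging
            db.execute(
                "INSERT INTO webhook_events (event_id, order_id, raw) "
                "VALUES (?, ?, ?)", (event_id, order_id, raw))
    except sqlite3.IntegrityError:
        # Retry or replay of an event already stored: acknowledge it,
        # but do not apply the order update a second time.
        return 200, "duplicate"
    return 200, "stored"

def timeline(db, order_id: str):
    """Event ids for one order, in arrival order."""
    rows = db.execute("SELECT event_id FROM webhook_events "
                      "WHERE order_id = ? ORDER BY rowid", (order_id,))
    return [r[0] for r in rows]
```

Only verified events reach the deduplication table, so a forged callback cannot reserve an event id ahead of the genuine one.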

Compliance controls

  • KYC/KYB status gates higher-risk features.
  • AML/CTF, risk disclosure, regulatory disclosure, and complaints policies are published.
  • Payment and account activity should be reviewed for suspicious patterns.
  • Production activation should require commercial and compliance approval.