Security Policy

We understand the importance of keeping your data private and strive to do our very best to keep your data secure and confidential.

For more information on our other policies, see our Terms of Service and Privacy Policy. You can also get in touch with us at hello@payhere.co.

Hosting

Payhere is primarily hosted on Heroku, and our user data is stored in Heroku Postgres. We make use of some additional Amazon Web Services products for file storage and content delivery. You may review Heroku’s security policy for further information. Needless to say, it’s state of the art, and they are also PCI Level 1 compliant.

Our infrastructure is secured by a limited number of engineers who use two-factor authentication.

All of our web traffic is encrypted with TLS using state-of-the-art RSA 2048-bit keys, provided by Let’s Encrypt and rated “A+” by Qualys SSL Labs (as of January 2020).

Software choices

Payhere has been developed by experienced engineers and built on top of quality open-source software. The core application is built using Ruby on Rails and follows industry best practices. The client-side application for Payhere is built using React.

We monitor our codebase for CVEs automatically as part of our continuous deployment process and apply security patches as soon as we are made aware of them. We also monitor for application errors in real time, and all issues are immediately escalated to our engineering team.

Backup policy

Payhere’s data is backed up to multiple regions within the AWS system to prevent a single point of failure leading to data loss. Backups are stored for 30 days and then permanently deleted.