Security is one of our top priorities at Payhere.
We're committed to securing your customer data, eliminating systems vulnerability, and ensuring continuity of access.
Note: adding Payhere to your financial stack creates no additional exposure with sensitive payment method data—this data is neither handled nor stored on Payhere servers.
Security is directed and maintained by the Payhere Engineering leadership team.
Our Core Commitments:
All application, database, webhook, and API traffic is encrypted via TLS/HTTPS.
Data stores are encrypted at the disk-level, sensitive data encrypted within the database.
Only mission-critical data is processed and stored, and everything is deleted when service is cancelled.
Annual security & penetration testing is conducted by a third-party firm, with new vulnerabilities addressed routinely.
Employees receive training and background checks, and use full-disk encryption, VPNs, password managers, and 2FA wherever available.
Only authorized members of the Engineering and Success teams have access to your account data.
Below you will find a detailed overview of security controls at Payhere.
Payment Processor Account Access
External keys are used to access payment processor data whenever possible. In the case of Stripe, Payhere uses our own API key, combined with your Account ID, to interact with the Stripe API. This removes the need for Payhere to store your Stripe API key. For processors where this isn’t possible, API keys or tokens are stored and encrypted at-rest.
Payhere bills users using Stripe, a PCI Service Provider Level 1 certified payment processor—the most stringent certification level available. Stripe’s security information is available online. User card details are never transmitted through or stored on Payhere servers. Payhere validates its PCI compliance annually by filing a SAQ-A questionnaire.
Payhere “Capture” Payment Forms
Payhere hosts Capture pages and embeds which users can use to collect card details from their own customers. These pages are only available for users using a payment processor like Stripe or Braintree which makes use of tokenized cards, preventing card data from transmitting through or being stored on Payhere servers.
In addition to password login, two-factor authentication (2FA) provides an added layer of security to Payhere via a time-based one-time password algorithm (TOTP). We encourage 2FA as an important step towards securing data access from intruders.
REST API Authentication (API Key)
The Payhere REST API uses an API Key for authentication. Credentials are passed using the auth header and are used to authenticate a user account with the API.
The Payhere service includes email notifications and digest reports. We have aggressive domain-based message authentication, reporting, and conformance (DMARC) set up for monitoring reports to prevent the possibility of phishing scams. You can see the TXT record on _dmarc.payhere.co.
Application Development Lifecycle
Payhere practices continuous delivery. This means all code changes are committed, tested, shipped, and iterated on in a rapid sequence. A continuous delivery methodology, complemented by pull request, continuous integration (CI), and automated error tracking, significantly decreases the likelihood of a security issue and improves the response time to and the effective eradication of bugs and vulnerabilities.
Data into System
Payment Processors, and users via the Payhere API, send events to the Payhere server, which processes and stores the events. Audit data of processing and storing is transmitted to our logging infrastructure through encrypted connections.
Sensitive data is automatically scrubbed from application logs.
Data is sent securely to Payhere via TLS to HTTPS endpoints. All data is AES-256bit encrypted in transit.
The latest SSL Labs Report for Payhere can be found here.
Data out of System
After events are processed, data can be accessed via the Payhere user interface and API. Payhere integrates with third-party tools so users can manage workflows efficiently, and be alerted of important events via notification and chat tools, email and SMS alerts, help desks, and custom integrations. High standards for security and compliance also extend to the Payhere partner network.
Data Security and Privacy
Payhere servers and databases are encrypted at the disk level. In the unlikely event of an intruder accessing a physical storage device, the Payhere data contained within would not be possible to decrypt without the proper keys, rendering the information a useless jumble of random characters.
Encryption at-rest also enables continuity measures like backup and infrastructure management without compromising data security and privacy.
Payhere exclusively sends data over HTTPS transport layer security (TLS) encrypted connections for additional security as data transits to and from the application.
Databases have full-disk encryption, and sensitive data within those databases (API Keys, etc) is encrypted further at-rest.
Payhere retains event data for 90 days. Individual events and webhooks are removed after 90 or fewer days, and aggregate data is removed whenever possible.
All customer data stored on Payhere servers is eradicated upon termination of service, with account deletions after a 24-hour waiting period to prevent accidental cancellation. Data can also be deleted upon request for specific customers.
We recommend that users do not send any personally identifiable information (PII) to Payhere. By default, Payhere stores limited customer data, including email address, customer IDs, non-sensitive card data, and any metadata supplied by the user.
Anyone can report a vulnerability or security concern with a Payhere product by contacting firstname.lastname@example.org and including a proof of concept. We take all disclosures seriously, and upon receipt of a disclosure each vulnerability is verified before taking necessary steps to address it.
To encrypt sensitive information that is sent to us, our PGP key can be found on keyservers.
Infrastructure and Network Security
Physical Access Control
Payhere employees do not have physical access to Heroku or AWS data centers, servers, network equipment, or storage.
Logical Access Control
Payhere is the assigned administrator of its infrastructure on Heroku, and only designated authorized Payhere operations team members have access to configure the infrastructure on an as-needed basis behind two-factor authentication. Passwords and keys are stored in a secure and encrypted location.
Payhere undergoes annual penetration testing conducted by an independent, third-party firm. For testing, Payhere provides the agency with an isolated clone of the Payhere application and a high-level overview of application architecture. No customer data is exposed to the firm through penetration testing.
Information about any security vulnerabilities successfully exploited through penetration testing is used to set mitigation and remediation priorities. A summary of penetration test findings is available upon request to Enterprise clients.
Business Continuity and Disaster Recovery
Every part of the Payhere service uses properly-provisioned, redundant servers (e.g., multiple load balancers, web servers, replica databases) in the case of failure. As part of regular maintenance, servers are taken out of operation without impacting availability.
Payhere keeps regular encrypted backups of data on Heroku. While never expected, in the case of production data loss (i.e., primary data stores lost), we will restore organizational data from these backups.
In the event of a region-wide outage, Payhere will bring up a duplicate environment in a different region. The Payhere engineering team documents and simulates extreme scenarios, practicing recovery workflows.
All Payhere product changes must go through code review, CI, and build pipeline to reach production servers. Only designated employees on the Payhere engineering team have secure shell (SSH) access to production servers.
Testing and risk management is performed on all systems and applications on a regular, ongoing basis. New methods are developed, reviewed, and deployed to production via pull request and internal review.
Payhere performs risk assessments throughout the product lifecycle:
- Before the integration of new system technologies and before changes are made to Payhere physical safeguards
- While making changes to Payhere physical equipment and facilities that introduce new, untested configurations
- Periodically as part of technical and non-technical assessments of the security rule requirements as well as in response to environmental or operational changes affecting security
The Payhere operations team includes service continuity and threat remediation among its top priorities. We keep a contingency plan in case of unforeseen events, including risk management, disaster recovery, and customer communication sub-plans that are tested and updated on an ongoing basis and thoroughly reviewed for gaps and changes regularly.
Payhere conducts background checks for new employees, including verification on the following:
- Identity verification
- Global watchlist check
- National criminal records check
- County criminal records check
- (U.S. only) Sex offender registry check
New employees receive onboarding and systems training, including environment and permissions setup, formal software development training (if pertinent), and security policies review.
Engineers review security policies as part of employee onboarding. Any change to policy affecting the product is communicated to the entire engineering team. Major updates are communicated via email to all Payhere employees.
Payhere attests to its information & security compliance via the following:
- PCI SAQ-A
- Annual Penetration Test
Email email@example.com to obtain a copy of the report(s) you’re interested in.
To ensure that personal data you send Payhere is afforded the protections required by the GDPR, Payhere offers a Data Processing Addendum that incorporates the Standard Contractual Clauses.
Email firstname.lastname@example.org to receive a DocuSign copy of our DPA.
Payhere’s Data Processing Addendum provides assurances that: (1) Payhere acts solely as a service provider (as that term is defined under the CCPA) on a customer’s behalf, (2) Payhere does not retain, use or disclose personal data for any purpose other than the purposes described in the DPA, (3) and Payhere does not “sell” Personal Data (within the meaning under the CCPA).