Legal
How we protect your funds and data.
All API traffic is encrypted in transit using TLS 1.3.
Our infrastructure runs on SOC 2 Type II certified cloud providers with quarterly security audits.
Private keys are never stored on our systems.
All API calls require authentication via signed API keys, which can be rotated at any time.
Webhook payloads are HMAC-signed. Verify the signature on every event before processing.
Report vulnerabilities to security@daripay.xyz.
Our security team monitors for anomalies 24/7. Affected customers are notified within 72 hours of any incident.
Post-incident reports are published publicly for all major incidents.