
Overview
At Mayar, security is a core principle we uphold in everything we do. We continuously improve our security posture through proactive assessments, rigorous testing, and a commitment to industry best practices, compliance and certification.
Data Security
- AES Encryption: All databases and client communications use AES encryption.
- Encryption at Rest: Sensitive data is encrypted when stored in our systems.
- Encryption in Transit: Data traveling to PlanetScale databases is protected using TLS, and all communications to the Mayar API and Dashboard are served exclusively over HTTPS (TLS 1.3).
Compliance & Testing
- PCI-DSS Compliant: We maintain PCI-DSS compliance. A copy of our PCI certificate is available upon request (under NDA) via https://trust.mayar.id/
- SOC 2: We also maintain SOC 2 compliance to further validate our security, availability, and confidentiality controls.
- External Penetration Testing: We regularly engage independent security experts to conduct external penetration tests. These assessments are performed at a higher standard than the minimum requirements set by regulators, ensuring that our systems remain resilient against evolving threats.
Account Security & Shared Responsibility
At Mayar, securing account access is a shared responsibility between us and our merchant partners. We enforce strict controls to ensure that only authorized personnel can access sensitive information:
- Google Sign-in Only: Google sign-in combined with Google's 2FA is a world standard in security, reducing the risk associated with password use and with SIM-swap attacks.
- Role-Based Access Controls: Each team member is assigned specific permissions aligned with their role, reducing the risk of misuse.
- One Time Password (OTP): For withdrawing or disbursing money, our system always asks for an OTP as an additional security check.
- Password Sharing: We highly recommend not sharing your account passwords with your staff. Instead, each individual should use their own credentials to maintain accountability.