
# Security

> Overview of Mayar’s security practices and compliance measures.


## **Overview**

At Mayar, security is a core principle we uphold in everything we do. We continuously improve our security posture through proactive assessments, rigorous testing, and a commitment to industry best practices, compliance and certification.

## **Data Security**

* **AES Encryption:** All databases and client communications use AES encryption.
* **Encryption at Rest:** Sensitive data is encrypted when stored in our systems.
* **Encryption in Transit:** Data traveling to PlanetScale databases is protected using TLS, and all communications to the Mayar API and Dashboard are served exclusively over HTTPS (TLS 1.3).

## **Compliance & Testing**

* **PCI-DSS Compliant:** We maintain PCI-DSS compliance. A copy of our PCI certificate is available upon request (under NDA) via [https://trust.mayar.id/](https://trust.mayar.id/).
* **SOC 2:** We also maintain SOC 2 compliance to further validate our security, availability, and confidentiality controls.
* **External Penetration Testing:** We regularly engage independent security experts to conduct external penetration tests. These assessments are performed at a higher standard than the minimum requirements set by regulators, ensuring that our systems remain resilient against evolving threats.

For additional questions or documentation requests, please reach out to us at [info@mayar.id](mailto:info@mayar.id).

## **Account Security & Shared Responsibility**

At Mayar, securing account access is a shared responsibility between us and our merchant partners. We enforce strict controls to ensure that only authorized personnel can access sensitive information:

* **Google Sign-in Only:** Google sign-in and 2FA from Google are a world standard in security, reducing the risks of password usage and SIM swapping.
* **Role-Based Access Controls:** Each team member is assigned specific permissions aligned with their role, reducing the risk of misuse.
* **One Time Password (OTP):** For withdrawing or disbursing money, our system always asks for an OTP for security.
* **Password Sharing:** We highly recommend not sharing your account passwords with your staff. Instead, each individual should use their own credentials to maintain accountability.

By following these guidelines, we work together to maintain a secure and reliable access environment.

