Security
Security is not a feature
It's the foundation. Every component of MagnetPay is designed with security as the primary constraint.
PCI DSS Level 1
Highest level of payment card industry security certification. Annual on-site audit by a QSA.
SOC 2 Type II
Independently audited for security, availability, and confidentiality controls.
ISO 27001
Information security management system certified to international standards.
GDPR Compliant
Full compliance with EU data protection regulations. Data Processing Agreements available.
How we protect your data
Encryption at Rest & in Transit
All data encrypted with AES-256 at rest and TLS 1.3 in transit. Card data tokenized on ingestion.
API Key Security
Scoped API keys, automatic rotation, IP allowlisting, and rate limiting per key.
24/7 Monitoring
Real-time threat detection, anomaly monitoring, and automated incident response.
Infrastructure Security
Multi-region deployment with network segmentation, WAF, DDoS protection, and regular penetration testing.
Authentication
Multi-factor authentication, SSO (SAML/OIDC), role-based access control, and session management.
Data Isolation
Tenant data isolation at the database level. No shared storage between merchants.
Network Security
Private VPC, security groups, NACLs, and encrypted inter-service communication.
Vulnerability Management
Continuous vulnerability scanning, dependency auditing, and a responsible disclosure program.
Responsible Disclosure
We take security vulnerabilities seriously. If you discover a security issue in our platform, we appreciate your help in disclosing it responsibly. Please report vulnerabilities to our security team — do not open a public issue.
Scope: *.magnetpay.org, API endpoints, SDKs, dashboard
Response time: Initial acknowledgment within 24 hours
Bug bounty: Up to $10,000 for critical vulnerabilities