Encryption

AES-256 encryption for all data at rest. TLS 1.3 for every connection between your browser and our servers. Your financial data is unreadable to anyone without authorised access.

Infrastructure

Hosted on AWS with DDoS protection, Web Application Firewall, and 24/7 automated monitoring. Automatic backups every 6 hours with 30-day retention.

Access controls

Role-based permissions — every user sees only what their role permits. Multi-factor authentication available. Every action is logged in an immutable audit trail.

Compliance

NDPR compliant. SOC 2 Type II in progress. Regular third-party penetration testing. We notify affected users within 72 hours of any confirmed breach.

Payments

Payment processing via Paystack — a PCI-DSS compliant provider. Paycape does not store card numbers. All payment data is handled by Paystack's certified infrastructure.

Data residency

Your business data is stored on servers in the EU (AWS eu-west-1) with replication to a secondary region. We do not transfer your data to jurisdictions without adequate protection.

Our security practices

Penetration testing
Independent security researchers test our platform quarterly. All findings are remediated before new features ship.

Vulnerability disclosure
If you find a security vulnerability, please report it to security@paycape.com. We acknowledge within 24 hours and respond within 5 business days.

Breach notification
In the unlikely event of a data breach, we will notify affected users within 72 hours as required by the NDPR.

Employee security
All Paycape team members undergo background checks, sign confidentiality agreements, and receive mandatory security training.

Dependency scanning
All third-party dependencies are scanned continuously for known vulnerabilities using automated tooling.

What you can do to stay secure

Enable two-factor authentication for your Paycape account and encourage all team members to do the same.

Use strong, unique passwords — we recommend a password manager.

Review your active sessions regularly from your account settings. Terminate any sessions you do not recognise.

Only give team members the role they actually need. Do not give Admin access to people who only need Staff or Viewer access.

If a team member leaves, revoke their access immediately from your workspace settings.

Be suspicious of any email claiming to be from Paycape that asks for your password. We will never ask for your password by email.

Found a security vulnerability?

We take security reports seriously. If you find a vulnerability in Paycape, please report it to us by email, and do not disclose it publicly before we have had a chance to fix it.

security@paycape.com