Security built into every transaction.

Data protection

Your data is encrypted at every stage. In transit it travels over TLS 1.2+; at rest it's protected with AES-256 encryption. Sensitive fields are isolated, and access to production data is tightly restricted and logged.

• Encryption in transit (TLS) and at rest (AES-256).
• Regular encrypted backups for resilience and recovery.
• Production access is restricted, logged, and reviewed.

Payment security

Payments run through PowerTranz, a PCI DSS Level 1 gateway. Card numbers are tokenized the instant they're entered and never stored on your devices or ours.

Access & accounts

We follow the principle of least privilege — people and systems get only the access they need.

• Role-based access — owners, managers, and staff each see only what their role requires.
• Secure authentication — passwords are hashed, and sessions expire automatically.
• Activity logging — sensitive actions are recorded for accountability.

Infrastructure

AloraPay runs on hardened, reputable cloud infrastructure with security designed in from the ground up.

Isolation

Environments are segmented so a problem in one area can't spread.

Patching

Systems are kept current with security updates and dependency reviews.

Resilience

Redundancy and backups keep the service available and recoverable.

Monitoring & response

We watch the platform around the clock and have a plan ready if anything looks wrong.

• Continuous monitoring with automated alerts on anomalies.
• A defined incident-response process to contain and resolve issues fast.
• Prompt, transparent notification if an incident ever affects you.

Report a vulnerability

Security is a shared effort. If you believe you've found a vulnerability, we want to hear from you — we investigate every report and won't pursue good-faith researchers.