Security at Mozart Pay
We take the protection of your data seriously. Here's how we keep your credentials and payment data safe.
Data Encryption
All gateway credentials are encrypted at rest using Rails encrypted attributes with AES-256-GCM. Data in transit is protected with TLS 1.2+ encryption on every connection.
No Fund Access
Mozart Pay routes API calls to your payment gateways on your behalf. We never touch, hold, or have access to your funds. Money flows directly between your customers and your gateway accounts.
Credential Isolation
Each merchant's gateway credentials are stored in complete isolation. Credentials are never shared, co-mingled, or accessible across accounts. Every set of credentials is independently encrypted.
Access Control
Merchant accounts are secured with Devise authentication. API access requires scoped bearer tokens tied to individual apps. All actions are logged for auditability.
Infrastructure
Mozart Pay is hosted on secure cloud infrastructure with automated backups, network isolation, and monitoring. Our systems are regularly updated and patched.
PCI Compliance
Mozart Pay never stores, processes, or transmits cardholder data. Card details are handled entirely by your payment gateways, which maintain their own PCI DSS compliance.
Trust & Compliance
Working Towards SOC 2
We are working towards SOC 2 Type II certification to formally validate our security controls.
Enterprise Inquiries
For enterprise security requirements or to request our security documentation, contact security@mozartpay.io.
Responsible Disclosure
Found a security vulnerability? We appreciate your help keeping Mozart Pay safe. Please report any security issues to security@mozartpay.io and we'll respond promptly.