Security

Specific controls beat vague "bank-grade" claims.

Silvatech Payments is designed around least exposure, tenant isolation, auditability, and honest compliance scope.

TLS 1.3

Public traffic is designed for modern TLS termination and secure browser transport.

PCI scope

The public app avoids raw card-data storage; merchant PCI obligations depend on the selected flow.

Tenant isolation

Tenant configuration, tokens, callbacks, and payment records are scoped by tenant boundaries.

Data residency

Production hosting details are documented per deployment and reviewed with enterprise customers.

Audit logs

Payment lifecycle activity records request IDs, timestamps, external references, and operator actions.

Disclosure

Security contact details are published through security.txt.

Tenant isolation model

Tenant config API auth Payment lifecycle Audit log

Each tenant keeps its configuration, credentials, callbacks, tokens, and payment records scoped to its own operating boundary.

Sample audit line

{
  "request_id": "req_7f9b",
  "tenant": "tenant_demo",
  "event": "payment.captured",
  "external_reference": "PAY-BZ-1842",
  "operator": "system",
  "pii": "masked"
}

What we're not certified for yet

We do not claim new compliance certifications in this pass.

PCI scope, external penetration-test cadence, and data-residency commitments are reviewed during onboarding and enterprise contracting. Public claims stay inside verified controls.

View security.txt