Industry-standard encryption for all stored data. Your sensitive information is encrypted using AES-256, the same encryption used by banks and governments worldwide.
All data transmitted between your browser and our servers uses TLS 1.3, the latest and most secure version of transport layer security.
Every API request and response is encrypted end-to-end. Even if intercepted, the data remains unreadable to attackers.
Encryption keys are managed through Vercel's secure environment variables system with automatic rotation and access controls.
SOC 2 Type II and ISO 27001 certified infrastructure. Enterprise-grade security with automatic SSL and DDoS protection.
SOC 2 compliant and GDPR ready PostgreSQL database with built-in security features.
Enterprise-level DDoS mitigation via Cloudflare handling 100+ million requests per second.
Data replicated across multiple geographic regions for high availability and disaster recovery.
We use standard, battle-tested USDC token contracts. No custom code means no custom vulnerabilities.
All transactions are signed in your browser using your wallet. Your private keys never leave your device.
Funds go directly from customer wallet to merchant wallet. StablePay never has access to move, freeze, or hold your money.
Every payment is publicly verifiable on the blockchain. Full transparency and immutable audit trail.
Built in NYC, securing payments globally. Our ongoing security initiatives:
We only collect data that's essential for payment processing. No unnecessary tracking or profiling.
Request a full export of all your data at any time through your dashboard or by contacting support.
Request complete deletion of your account and associated data. We retain only legally required transaction records.
Available on enterprise plans. Store your data exclusively in EU data centers for full GDPR compliance.
Essential transaction information for payment processing:
Public blockchain transaction IDs. This data is already public on the blockchain and allows payment verification.
Email, company name, and wallet addresses for merchants accepting payments.
Your security is paramount. We never collect:
Required by financial regulations for audit and compliance purposes. Includes payment amounts, timestamps, and transaction IDs.
Merchants have permanent access to their order history for business records and customer support.
Technical logs for debugging and security monitoring. Automatically deleted after 90 days.
Your account information is retained until you request deletion. You can export or delete your data anytime.
Customer clicks 'Pay with Crypto' on merchant's checkout page. StablePay payment modal opens with order details and supported networks.
Customer connects their Web3 wallet to confirm payment:
USDC is sent directly from customer wallet to merchant wallet on-chain. Key security features:
Payment is verified on blockchain and merchant is notified:
StablePay NEVER holds your funds. Here's why this matters:
Most secure and battle-tested blockchain. Support for mainnet and testnets:
Low-cost Optimistic Rollups with Ethereum security:
High-throughput scaling solutions:
Ultra-fast payments with sub-second finality:
Industry-standard tokens on EVM chains:
Solana Program Library standard. Currently supporting USDC with more tokens coming soon.
We only support battle-tested tokens:
Every payment is verified directly on the blockchain. No off-chain trust required - math and cryptography guarantee payment authenticity.
We monitor blockchain nodes 24/7 to detect and confirm transactions instantly. Webhooks fire within seconds of confirmation.
All transaction hashes are publicly visible:
Granular permissions system. Team members only access what they need - developers can't access production databases, support can't modify code.
MFA required for all team accounts. Hardware security keys (YubiKey) required for admin access. No exceptions.
All API keys and secrets automatically rotated every 90 days. Zero-downtime rotation with overlapping validity periods.
Every user and service has minimum permissions needed. Regular access reviews to remove unused permissions.
Round-the-clock infrastructure monitoring across all systems:
Instant notifications for errors, slowdowns, or anomalies. On-call engineers paged immediately for critical issues.
Every action logged with timestamp, user, IP address, and context. 90-day retention for compliance and debugging.
Machine learning models detect unusual patterns - sudden traffic spikes, unusual API usage, or potential attacks.
Detailed playbooks for every scenario - data breaches, DDoS attacks, infrastructure failures. Regularly tested and updated.
Critical security issues addressed within 24 hours. On-call rotation ensures always-available response team in NYC timezone.
Thorough root cause analysis after every incident. Public postmortems for issues affecting merchants. Preventive measures implemented.
Transparent communication during incidents. Email, dashboard alerts, and status page updates keep merchants informed.
No chargebacks, ever. Crypto payments are final once confirmed:
Every transaction is mathematically verified on-chain. No fake payments, no double-spends, no fraud.
Crypto's biggest advantage - payments can't be reversed by banks or payment processors. You're in control.
Machine learning monitors transaction patterns. Suspicious activity flagged instantly for merchant review.
Less than 9 hours of downtime per year. Financial penalties if we miss SLA targets. Your payments stay online.
Deployed across multiple data centers worldwide. If one region fails, traffic automatically routes to healthy regions.
Health checks every 10 seconds. Automatic failover to backup systems in under 30 seconds. Zero manual intervention.
Live system status at status.wetakestables.shop. Subscribe for incident notifications and maintenance windows.
Issue refunds directly from your dashboard. Connect your wallet once, refund with one click. Full history and tracking.
Process multiple refunds in one transaction using Multicall3:
Every refund logged with reason, amount, timestamp, and transaction hash. Export for accounting and compliance.
You set refund policies. Full refunds, partial refunds, or no refunds - your business, your rules.
Full source code available for inspection:
Complete API docs with code examples in multiple languages. Try all endpoints in interactive playground before integrating.
Simple pricing: 1% per transaction (volume discounts to 0.3%). No setup fees, no monthly fees, no surprise charges. What you see is what you pay.
Transparent pricing, always:
Found a security issue? Report it privately to security@wetakestables.shop. We'll acknowledge within 24 hours and keep you updated throughout the fix process.
Launching Q4 2025. Rewards up to $10,000 for critical vulnerabilities. Help us build the most secure crypto payment platform.
All security issues published on GitHub after fix deployment. Full timeline, impact assessment, and remediation steps disclosed.
Monthly security newsletter with platform updates, dependency patches, and industry security news. Subscribe in your dashboard.
If you discover a security vulnerability, please email us at:
security@wetakestables.shopInclude: detailed description, steps to reproduce, potential impact, and your contact info. We respond within 24 hours.
Join hundreds of merchants accepting crypto payments with StablePay
What you get: