Security

Security is foundational to OpenPayments. This page outlines our security principles and the measures we take to protect customer data and system integrity.

Security Principles

• Least-privilege access for systems and internal tools
• Secure defaults and defense-in-depth across services
• Continuous monitoring and incident response readiness
• Privacy-first data handling and minimization

Data Protection

• Encryption in transit (TLS) for network communications
• Encryption at rest where applicable for stored data
• Role-based access controls (RBAC) for internal access
• Regular reviews of data retention and access pathways

Application & Infrastructure Security

• Secure development practices and code review
• Dependency and vulnerability management
• Logging and monitoring for anomalous behavior
• Backups and recovery procedures to support resilience

Reporting a Vulnerability

If you believe you’ve found a security issue, please report it responsibly. Email: security@openpayments.example

Please do not include sensitive personal data in your report. We’ll respond as quickly as possible.

Updates

We may update this Security page as our practices evolve. The “Last updated” date reflects the most recent changes.