Skip to main content
Public trust

Trust at Veyra.

Merchants depend on us, and we owe them — and you — visibility into how we run the platform. This page exists so you can audit our claims rather than take them on faith.

Live platform metrics

Refreshed every 60 seconds.

Live merchants
0
rounded down to nearest 5
30-day auth rate
83.7%
Veyra-native settled charges
Failed webhooks
0
last 24 hours
Incident status
No incidents
All systems operational

Programmatic access: /api/v1/system/status

Security

  • Hash-chained transaction, payout, refund, and dispute records make tampering detectable.
  • PII (EIN, BO SSN-last-4, BO DOB) is encrypted at rest with AES-256-GCM.
  • Strict tenant isolation via Postgres Row-Level Security.

Compliance

  • PCI scope is reduced via a PCI-certified token vault — cardholder PANs never traverse Veyra application servers.
  • OFAC SDN screening on every application and each beneficial owner.
  • Acceptable Use Policy gating at application time; see /acceptable-use.
  • AML program documented at /docs/AML_PROGRAM.md.

Operations

  • Platform-controlled merchant accounts sit under gateway platforms by vertical.
  • Internal admin actions go through a hash-chained audit log.
  • Underwriting is hand-reviewed by humans before approval.

What we are honest about

We are a small team. Here is what is intentionally still in progress:

  • Real AV scanning on document uploads is deferred to Phase 4.12. Current policy is magic-byte rejection plus tier-aware manual admin review.
  • SOC 2 attestation is not done yet. We follow the controls without the external audit.

Reach our team

Security questions: risk@veyragate.com.

Disclosure or report a vulnerability: same address. We do not pay bounties yet, but we will thank you publicly.