When it comes to payments, security isn't optional. Here's how we approach it at billing.io.
Non-Custodial by Design
The most important security decision we made was to be non-custodial. This means:
- We never hold your funds
- You maintain full control of your private keys
- No single point of failure
Our Security Stack
Infrastructure
- All infrastructure runs on isolated networks
- Regular penetration testing by third-party firms
- SOC 2 Type II compliance (in progress)
Smart Contracts
- Audited by leading security firms
- Open source for transparency
- Bug bounty program for responsible disclosure
Application Security
- End-to-end encryption
- Hardware key support
- Multi-factor authentication
Best Practices for Merchants
We also provide guidance to help you maintain security:
- Use hardware wallets for withdrawal addresses
- Enable webhook signature verification
- Regularly rotate API keys
- Monitor for unusual activity
Reporting Vulnerabilities
Found something? We have a bug bounty program. Reach out to security@billing.io.
