Security Statement

Secure By Design

Tangerpay Australia facilitates payments between you and your customers. As a payment provider, taking security seriously isn't just a throwaway line in a security statement. It's our business. 

This security statement should be read in conjunction with our Privacy Policy. If you have any questions feel free to reach us at service@tangerpay.com.

If you have discovered a security issue please contact us at service@tangerpay.com. If there is anything sensitive you'd like to report, please consider encrypting your email with our PGP key, https://keybase.io/tangerpay.

Cloud Security

Tangerpay is hosted within the Microsoft Azure cloud in Australia. Tangerpay takes full advantage of the cloud security features of Azure, including network firewalls and access control. 


Tangerpay acts in accordance with the Australian Privacy Principles and complies with the Privacy Act. We collect personally-identifiable information relating to our customers and the users of our services as described in our Privacy Policy.

Tangerpay uses PCI-DSS compliant payment gateways to process card payments on our behalf. Consequently, Tangerpay does not receive, store, transmit or process sensitive cardholder data.

Access Control

Access to make changes to source code, and to access test and production infrastructure is provided only to select Tangerpay partners. No other staff have access to environments or data.


Tangerpay only allows network connections using TLS 1.2 and above. Qualys SSL Labs rates us an A+.

Tangerpay data, including the online database, backups and log files are also encrypted at rest.

User credentials are additionally protected using modern, memory-hard, keyed hash functions.

Breach Notification

At all times we will do our very best to apply industry leading security techniques, encryption and best practices, however absolute security can not be guaranteed. In the event of a breach we will notify any affected users so they can take appropriate protective steps.

Test Environments

Tangerpay's test environments do not share configuration settings with the production environment. Data sets are anonymised to ensure no personally-identifiable information is exposed to software engineers or other staff.