Secure By Design
Tangerpay Australia facilitates payments between you and your customers. As a payment provider, taking security seriously isn't just a throwaway line in a security statement. It's our business.
If you have discovered a security issue please contact us at firstname.lastname@example.org. If there is anything sensitive you'd like to report, please consider encrypting your email with our PGP key, https://keybase.io/tangerpay.
Tangerpay is hosted within the Microsoft Azure cloud in Australia. Tangerpay takes full advantage of the cloud security features of Azure, including network firewalls and access control.
Tangerpay uses PCI-DSS compliant payment gateways to process card payments on our behalf. Consequently, Tangerpay does not receive, store, transmit or process sensitive cardholder data.
Access to make changes to source code, and to access test and production infrastructure is provided only to select Tangerpay partners. No other staff have access to environments or data.
Tangerpay only allows network connections using TLS 1.2 and above. Qualys SSL Labs rates us an A+.
Tangerpay data, including the online database, backups and log files are also encrypted at rest.
User credentials are additionally protected using modern, memory-hard, keyed hash functions.
At all times we will do our very best to apply industry leading security techniques, encryption and best practices, however absolute security can not be guaranteed. In the event of a breach we will notify any affected users so they can take appropriate protective steps.
Tangerpay's test environments do not share configuration settings with the production environment. Data sets are anonymised to ensure no personally-identifiable information is exposed to software engineers or other staff.