Security is central to payment gateway, payout, verification, and connected banking workflows. Promethora applies layered controls to protect merchants, customers, transactions, credentials, and business data.
Promethora follows a defence-in-depth approach across people, process, application, infrastructure, data, and operational controls. Our security practices are designed to support reliable payment processing, fraud prevention, auditability, and responsible handling of sensitive business information.
Access to internal systems is limited by role, business need, and least-privilege principles. Sensitive workflows may use multi-factor authentication, environment separation, access reviews, logging, and restricted administrative access. Merchants are responsible for securing their dashboard users, API keys, webhooks, and devices.
We use secure transport protocols for data in transit and appropriate safeguards for sensitive information at rest. Credentials, API secrets, payment references, verification data, and operational logs are handled using security-conscious practices designed to reduce unauthorised access or misuse.
Merchants should protect API keys, use environment-specific credentials, validate webhook signatures where applicable, restrict access from trusted systems, rotate secrets periodically, and avoid placing keys in client-side code. Suspicious API behaviour may be rate limited, blocked, or reviewed.
Promethora may monitor transaction velocity, failed attempts, unusual patterns, refund and chargeback behaviour, payout activity, device signals, and API usage. Monitoring helps detect fraud, prevent misuse, support investigations, and maintain service reliability.
We design systems with reliability, backup, recovery, logging, alerting, and operational monitoring in mind. Service availability may depend on partner banks, payment networks, cloud providers, telecom providers, and other external systems, but Promethora works to minimise disruption and restore service quickly.
Promethora aligns its operating practices with applicable Indian technology, data protection, payments, and financial ecosystem requirements. Specific certifications, audits, bank requirements, or compliance attestations may vary by product, partner, and commercial engagement.
If a security incident is suspected, Promethora may investigate, contain, remediate, communicate with affected parties where required, preserve evidence, and work with partners or authorities as appropriate. Merchants must promptly report suspicious access, fraudulent activity, or exposed credentials.
If you believe you have identified a vulnerability in Promethora's website, APIs, or services, contact hello@promethora.com with a clear description, impact, steps to reproduce, and your contact details. Do not access, modify, destroy, exfiltrate, or disclose data that is not yours.
Merchants must maintain secure systems, protect customer data, configure integrations correctly, restrict dashboard access, use strong passwords and MFA, monitor transaction activity, and comply with applicable security and privacy obligations for their own customers and users.