Trust
Security and Compliance
Ocuula is built on a non-custodial architecture. Your funds never touch our infrastructure. We focus our security efforts where they matter: protecting your configuration data, preventing unauthorized access, and maintaining an audit trail.
Non-Custodial Architecture
Our platform never holds, stores, or transmits payment instrument credentials. We operate as a middleware layer that sits between your application and your payment processor.
When you configure a split rule, our system calculates the distribution and sends disbursement instructions to your connected processor. The processor executes the actual fund movements. We never have access to funds in transit.
This architecture removes the need for PCI DSS compliance on our side and reduces your exposure in the event of a security incident.
Data Protection
Encryption at rest. All data stored in our database is encrypted using AES-256. API keys for payment processors are encrypted with a separate key management system before storage.
Encryption in transit. All API traffic is served exclusively over TLS 1.3. We maintain an A+ TLS rating and enforce HTTP Strict Transport Security (HSTS).
Key management. Payment processor credentials are encrypted at the application layer before being written to the database. Decryption keys are stored separately and never logged.
Backups. Data is backed up continuously with point-in-time recovery. Backups are encrypted and stored in a separate geographic region from primary data.
Access Controls
API authentication. All API requests must include a valid API key in the request header. API keys are assigned specific permissions and can be revoked independently.
Multi-sig approvals. High-value or sensitive split configurations can require multiple team members to approve before taking effect. Approval requirements are configurable per rule.
Team-based access. Organization owners control who can view, create, approve, or modify routing rules. Role-based access is enforced at the database query level.
Session management. Dashboard sessions use short-lived tokens with automatic refresh. Sessions are invalidated on password change or explicit logout.
Compliance
Audit log. Every API call and configuration change is recorded in an immutable audit log with timestamps, actor identity, and before/after state. Logs are retained for 7 years.
Transaction integrity. Split calculations use integer arithmetic (smallest currency unit) to prevent floating-point rounding errors. Each transaction is logged atomically with its disbursement instructions.
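The integer-arithmetic approach described under Transaction integrity, shown as an added example that is not Ocuula's own code. It assumes split rules are expressed in basis points and that units lost to flooring are assigned by largest remainder; the function names and sample values are constructed for illustration.

```python
from typing import Dict

BPS_TOTAL = 10_000  # 100% in basis points (assumed rule format, not Ocuula's)


def split_minor_units(amount: int, rule_bps: Dict[str, int]) -> Dict[str, int]:
    """Split `amount` (smallest currency unit) so the shares sum to it exactly."""
    if type(amount) is not int or amount < 0:
        raise ValueError("amount must be a non-negative int in minor units")
    if not rule_bps or any(type(b) is not int or b < 0 for b in rule_bps.values()):
        raise ValueError("each share must be a non-negative int in basis points")
    if sum(rule_bps.values()) != BPS_TOTAL:
        raise ValueError("rule must allocate exactly 100%")

    shares, remainders = {}, []
    for name, bps in rule_bps.items():
        whole, rem = divmod(amount * bps, BPS_TOTAL)  # floor share, exact remainder
        shares[name] = whole
        remainders.append((-rem, name))  # largest remainder first, ties by name

    # Units lost to flooring go to the largest remainders, one each.
    leftover = amount - sum(shares.values())
    for _, name in sorted(remainders)[:leftover]:
        shares[name] += 1
    return shares


def naive_float_split(amount: int, rule_pct: Dict[str, float]) -> Dict[str, int]:
    """Counter-example: float percentages, each share rounded on its own."""
    return {name: round(amount * pct) for name, pct in rule_pct.items()}


# Constructed sample: 100.01 in a two-decimal currency, three recipients.
SAMPLE_AMOUNT = 10_001
SAMPLE_RULE = {"merchant": 3333, "platform": 3333, "partner": 3334}

if __name__ == "__main__":
    exact = split_minor_units(SAMPLE_AMOUNT, SAMPLE_RULE)
    naive = naive_float_split(
        SAMPLE_AMOUNT, {k: v / BPS_TOTAL for k, v in SAMPLE_RULE.items()}
    )
    print(exact, sum(exact.values()))
    print(naive, sum(naive.values()))
```

On the sample input the integer split accounts for every unit, while the per-share float version leaves one unit unallocated.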
Data residency. Primary data is stored in West Africa (Ghana) with cross-region backups. Enterprise customers can request specific data residency arrangements.
Vulnerability Disclosure
If you discover a security vulnerability in our platform, please report it responsibly. We operate a coordinated disclosure policy:
- Email details to security@ocuula.com
- Allow reasonable time for assessment and remediation
- Do not publicly disclose the issue before we address it
- Do not access or modify data that does not belong to you
We commit to acknowledging receipt within 48 hours and providing status updates throughout the remediation process. We do not offer bounties at this time but will credit researchers who report valid issues.