# Security

Security constitutes a fundamental pillar of the SimplePay platform, ensuring the safeguarding of all transactions and interactions against potential threats. The platform employs a comprehensive security framework that incorporates advanced encryption techniques, robust validation protocols, and secure wallet management, thereby fostering a reliable and trusted payment processing environment.

***

## **Core Principles of Security**

### **Privacy and Autonomy**

* [Non-custodial](/docs/introduction/core-concepts/non-custodial.md) models prioritize user privacy by reducing data sharing requirements.
* Users retain full autonomy over their assets, making this model ideal for decentralized financial operations.

{% hint style="info" %}
**Important:**

SimplePay never asks you to provide mnemonic phrases or private keys from your wallets. That means we have no control over your funds.
{% endhint %}

### **End-to-End Encryption**

> Ensures the confidentiality and integrity of all data exchanged between users, merchants, and the blockchain.

* Sensitive information, including private keys and payment details, remains protected from unauthorized access.
* All communications are secured utilizing industry-standard encryption protocols, such as TLS.

#### **Illustrative Workflow:**

```
User initiates payment -> Data is encrypted -> 
Blockchain processes transaction securely.
```

***

### **On-Chain Validation**

> Verifies all payments directly on the blockchain, providing:

* **Immutability:** Transactions, once recorded, cannot be modified.
* **Transparency:** Payment records are publicly accessible and verifiable, enhancing trust among stakeholders.

#### **Operational Framework:**

1. The merchant generates an invoice.
2. The customer initiates payment through their cryptocurrency wallet.
3. SimplePay validates the transaction on-chain, ensuring:
   * Accurate payment amounts.
   * Validity of the recipient address.
   * Completion of the transfer.
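
The three checks in step 3, written out as an added example (not SimplePay's own code). It assumes an EVM-style address format, amounts held as integer base units, and a hypothetical confirmation threshold; it goes one step beyond the list by also rejecting a transaction hash that has already been credited to an invoice.

```python
from dataclasses import dataclass
import re

ADDRESS_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")  # assumed EVM-style address format
MIN_CONFIRMATIONS = 12  # assumed finality threshold, not a SimplePay value


@dataclass(frozen=True)
class Invoice:               # hypothetical record shape
    invoice_id: str
    recipient: str           # merchant's static wallet address
    amount_units: int        # integer base units; never floats for money


@dataclass(frozen=True)
class Transfer:              # hypothetical view of what a node reports
    tx_hash: str
    to: str
    amount_units: int
    succeeded: bool          # execution status of the transaction
    confirmations: int


def validate_payment(invoice, transfer, credited_hashes):
    """Return the list of failed checks; an empty list means the payment is valid."""
    failures = []
    # Recipient: well-formed and equal to the invoice address (hex is case-insensitive).
    if not ADDRESS_RE.match(transfer.to) or transfer.to.lower() != invoice.recipient.lower():
        failures.append("recipient_mismatch")
    # Amount: exact match in base units, so under- and over-payment are both flagged.
    if transfer.amount_units != invoice.amount_units:
        failures.append("amount_mismatch")
    # Completion: the transfer executed successfully and is buried deep enough.
    if not transfer.succeeded:
        failures.append("transfer_reverted")
    elif transfer.confirmations < MIN_CONFIRMATIONS:
        failures.append("not_final")
    # One transaction must never settle two invoices.
    if transfer.tx_hash in credited_hashes:
        failures.append("already_credited")
    return failures


# Constructed sample data (not real addresses or transactions).
INVOICE = Invoice("inv-001", "0x" + "ab" * 20, 25_000_000)
GOOD = Transfer("0x" + "11" * 32, "0x" + "AB" * 20, 25_000_000, True, 15)
UNDERPAID = Transfer("0x" + "22" * 32, "0x" + "ab" * 20, 24_999_999, True, 15)
PENDING = Transfer("0x" + "33" * 32, "0x" + "ab" * 20, 25_000_000, True, 2)
WRONG_DEST = Transfer("0x" + "44" * 32, "0x" + "cd" * 20, 25_000_000, False, 15)
```

Returning every failed check, rather than stopping at the first, gives the merchant's audit log the full reason a payment was not credited.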

***

### **Static Wallet Addresses**

> Enables merchants to utilize static wallet addresses for enhanced operational and regulatory benefits:

* Facilitates predictable transaction workflows.
* Simplifies financial reporting and auditing processes.
* Aligns with legal compliance requirements in jurisdictions supporting cryptocurrency, such as El Salvador.

{% hint style="info" %}
**Note:**

Static wallet addresses are particularly advantageous for seamless tax reporting and compliance.
{% endhint %}

***

### **Authentication and Access Control**

> Enhances the security of merchant accounts through:

* **Two-Factor Authentication (2FA):** Introduces an additional security layer to deter unauthorized access.
* **Role-Based Access Control:** Restricts access to critical features based on user-specific roles and permissions.

#### **Illustrative Example:**

```
Admin -> Full access to wallet and settings.
Employee -> Limited access to payment history.
```

***

## **Threat Mitigation Strategies**

### **DDoS Protection**

The platform incorporates advanced defense mechanisms to mitigate Distributed Denial-of-Service (DDoS) attacks, ensuring:

* Uninterrupted platform availability.
* Stability during periods of high traffic volume.

***

### **Routine Audits**

* Comprehensive code audits conducted by reputable third-party security firms.
* Rigorous testing of smart contracts to identify and rectify vulnerabilities.

***

### **User Responsibility**

While SimplePay provides a secure infrastructure, users are encouraged to:

* **Secure Their Wallets:** Employ hardware wallets or other reliable storage solutions.
* **Avoid Phishing Attempts:** Interact exclusively with verified SimplePay links and interfaces.

***

#### **Recommended Best Practices:**

* Add at least one **social provider** so that the account can be recovered if access is lost.
* Activate **Two-Factor Authentication (2FA)** upon account creation.
* Regularly monitor wallet activities for any irregularities.

***

### **Glossary**

* **End-to-End Encryption:** Ensures data is secure from sender to recipient.
* **On-Chain Validation:** Confirms transaction authenticity using blockchain technology.
* **Static Wallet Address:** A fixed cryptocurrency address designated for receiving payments.
* **Two-Factor Authentication (2FA):** An authentication process requiring two verification methods.

***


