Security
Last updated: March 12, 2026
At SpokPay, we take the security of your data and transactions seriously. This page outlines the measures we employ to protect the platform and your information.
Infrastructure
- Cloud hosting — Our backend infrastructure is hosted with cloud providers in the US East region that provide enterprise-grade physical and network security
- Encryption in transit — All connections to SpokPay are encrypted using TLS (HTTPS)
- Encryption at rest — Stored data is encrypted at rest using industry-standard encryption
Authentication
- OAuth-based login — Authentication is handled through Discord via Clerk, a trusted identity provider. We never store your Discord password
- Session management — Sessions are securely managed with automatic expiration and rotation
- Role-based access — The platform enforces role-based access control to ensure users can only access resources they are authorized for
Payment Security
- PIX via EfiBank — All payment processing is handled by EfiBank, a regulated payment institution supervised by the Central Bank of Brazil (Banco Central do Brasil)
- No card storage — We do not store credit card numbers or sensitive financial credentials on our servers
- Withdrawal verification — Withdrawal requests go through verification steps to prevent unauthorized fund transfers
Application Security
- Input validation — All user inputs are validated and sanitized to protect against injection attacks
- API security — API endpoints are authenticated and rate-limited to prevent abuse
- Dependency management — We regularly review and update dependencies to address known vulnerabilities
Incident Response
In the event of a security incident, we will:
- Investigate and contain the issue promptly
- Notify affected users as required by Brazilian law (LGPD) and as appropriate given the nature of the incident
- Take corrective measures to prevent recurrence
Reporting Vulnerabilities
If you discover a security vulnerability in SpokPay, please report it responsibly by emailing legal@spokpay.com. We appreciate responsible disclosure and will work with you to address any valid findings.