Security & Data Protection
Your security is our priority. Learn how we protect your data and transactions.
How We Protect Your Data
Holdyn implements industry-standard security measures to ensure your data and transactions are protected.
Encrypted Connections
Every connection to Holdyn uses HTTPS with TLS 1.2 or higher. HTTP traffic is automatically redirected to HTTPS in production.
PCI DSS via Stripe
Card payments are processed by Stripe, Inc., which holds PCI DSS Level 1 certification — the highest level available in the payments industry.
No Card Storage
Holdyn never stores credit-card numbers, CVVs, or full bank-account details. All payment instruments are tokenized and held by Stripe.
Field-Level Encryption
Sensitive fields (SSN last-4, two-factor secrets, backup codes) are encrypted with AES-256-GCM authenticated encryption, so tampering is detectable. Passwords are hashed with bcrypt and never stored in plaintext.
Two-Factor Authentication
Users can enable TOTP-based two-factor authentication for an additional layer of account security. Two-factor is enforced for administrative accounts.
Account Lockout
After repeated failed login attempts, the account is temporarily locked. The lockout fails closed if the security store is unreachable, blocking brute-force attempts even during partial outages.
CSRF Protection
Every state-changing request requires a double-submit CSRF token, validated against a server-side store. Cross-site request forgery attacks are blocked at the middleware layer.
Rate Limiting
Per-endpoint rate limits throttle abusive traffic. Authentication, two-factor, and money-movement endpoints carry stricter, fail-closed limits to defend against brute-force and replay attacks.
Security Headers
Industry-standard hardening on every response: Content-Security-Policy with strict script-src, HTTP Strict Transport Security (HSTS) with one-year preload, X-Frame-Options DENY, X-Content-Type-Options nosniff, and a strict-origin-when-cross-origin referrer policy.
Money Safety
Beyond standard security: the infrastructure choices that protect every dollar moving through Holdyn.
Append-Only Event Ledger
Every state change and money-movement event writes one immutable row to a TransactionEvent log with a balance snapshot. Retained for seven (7) years to meet SOX and tax-record retention floors — your full audit trail, always.
Idempotency on Every Call
Every Stripe API call carries a deterministic idempotency key. Duplicate webhooks, double-clicks, and retried requests can never result in a second charge, transfer, or refund. The contract is enforced both at our database (cap-guards on funded amounts) and at Stripe.
Signed Webhook Verification
Every Stripe webhook is verified with HMAC-SHA256 against a separate signing secret per surface (consumer and B2B). Invalid signatures are rejected with a 400 so Stripe stops retrying a malformed payload.
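The per-surface HMAC check described above, as an added illustration that is not Holdyn's own code. It assumes Stripe's documented Stripe-Signature header layout (t=timestamp,v1=hex), a 300-second replay window, and placeholder secrets per surface; the MAC covers the raw request body, and any failure returns 400 as the page states.

```python
import hashlib
import hmac
import time

# Assumed per-surface signing secrets (constructed placeholders, not real Stripe secrets).
WEBHOOK_SECRETS = {"consumer": "whsec_consumer_placeholder", "b2b": "whsec_b2b_placeholder"}
TOLERANCE_SECONDS = 300  # a valid MAC with a timestamp older than this is treated as a replay


def parse_signature_header(header):
    """Parse 'Stripe-Signature: t=<unix ts>,v1=<hex sig>[,v1=...]' into (ts, [sigs])."""
    timestamp, sigs = None, []
    for part in header.split(","):
        key, _, value = part.strip().partition("=")
        if key == "t" and value.isdigit():
            timestamp = int(value)
        elif key == "v1" and value:
            sigs.append(value)
    if timestamp is None or not sigs:
        raise ValueError("malformed Stripe-Signature header")
    return timestamp, sigs


def signed_payload(timestamp, raw_body):
    # The MAC covers the raw request bytes (never re-serialised JSON), prefixed by the timestamp.
    return str(timestamp).encode() + b"." + raw_body


def verify_webhook(surface, raw_body, sig_header, now=None):
    """Return the HTTP status to send back: 200 for an authentic, fresh event, otherwise 400."""
    try:
        timestamp, candidate_sigs = parse_signature_header(sig_header)
    except ValueError:
        return 400
    secret = WEBHOOK_SECRETS[surface].encode()  # this surface's secret only
    expected = hmac.new(secret, signed_payload(timestamp, raw_body), hashlib.sha256).hexdigest()
    # Constant-time comparison so a forged signature cannot be searched byte by byte.
    if not any(hmac.compare_digest(expected, sig) for sig in candidate_sigs):
        return 400
    now = time.time() if now is None else now
    if abs(now - timestamp) > TOLERANCE_SECONDS:
        return 400
    return 200


def sign_for_test(surface, raw_body, timestamp):
    """Constructed sender-side helper that builds the header verify_webhook expects."""
    secret = WEBHOOK_SECRETS[surface].encode()
    sig = hmac.new(secret, signed_payload(timestamp, raw_body), hashlib.sha256).hexdigest()
    return f"t={timestamp},v1={sig}"
```

A body signed with the consumer secret is rejected on the B2B endpoint, so a secret leaked for one surface cannot forge events for the other.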
MongoDB Replica Set Verified
Production refuses to boot unless the database is a real replica set, because multi-document money writes (deposit, release, refund) wrap in transactions that would silently degrade to non-atomic on a single-node instance.
No-Store Cache Posture
Every authenticated response carries Cache-Control: no-store, enforced at the middleware layer with downstream-override protection — preventing browser HTTP caches from serving one user's response to another after a logout/login switch.
Recovery Tasks for Stuck Money
In the rare event that an external service fails after we've debited a user, an automated Recovery Task is opened with a CRITICAL Slack alert. Holdyn ops is paged in real time so no funds ever sit in limbo unobserved.
Compliance & Observability
The operational discipline that keeps Holdyn safe at scale.
Stripe Identity KYC
Enhanced verification with document and selfie checks via Stripe Identity. Required for high-trust operations like withdrawing funds. Built into the wallet and onboarding flows — no third-party redirects.
Mandatory Admin 2FA
Production refuses to boot unless two-factor authentication is enforced for every administrative money endpoint. A stolen admin session is not enough to move user funds.
Real-Time Alerting
Production deployments require at least one alert sink (Slack, Discord, or PagerDuty/Opsgenie via webhook). Database loss, reconciliation drift, stuck money, chargebacks, and webhook failures page our team within seconds.
Refresh Token Reuse Detection
Every refresh-token use bumps a token version on the user account. A reused or stolen token is rejected on its next call with a session-expired response — and the underlying account is forced to re-authenticate.
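The version-bump rotation described above, as an added illustration rather than Holdyn's code. It assumes an in-memory stand-in for the per-account token version and models the failure mode the paragraph implies: once a spent token is replayed, the whole chain is revoked, so even the legitimate holder's still-fresh token is rejected until a real login occurs.

```python
from dataclasses import dataclass


class SessionExpired(Exception):
    """Raised when a refresh token is rejected; the client must log in again."""


@dataclass
class RefreshToken:
    user_id: str
    version: int  # the account's token_version at the moment this token was issued


class RefreshTokenStore:
    """In-memory stand-in for the per-account token_version column (assumed schema)."""

    def __init__(self):
        self._versions = {}    # user_id -> current token_version
        self._revoked = set()  # accounts that must fully re-authenticate

    def issue_after_login(self, user_id):
        # A real login clears any reuse flag and bumps the version so every
        # previously issued token (spent or not) is dead.
        self._revoked.discard(user_id)
        self._versions[user_id] = self._versions.get(user_id, -1) + 1
        return RefreshToken(user_id, self._versions[user_id])

    def refresh(self, token):
        """Rotate a refresh token; a version that does not match the account is reuse."""
        current = self._versions.get(token.user_id)
        if current is None or token.user_id in self._revoked:
            raise SessionExpired("account must re-authenticate")
        if token.version != current:
            # The token was already spent (replayed or stolen). We cannot tell which
            # holder is legitimate, so revoke the whole chain: the next call from
            # either holder also fails, forcing a real login.
            self._revoked.add(token.user_id)
            raise SessionExpired("refresh token reuse detected")
        self._versions[token.user_id] = current + 1
        return RefreshToken(token.user_id, current + 1)
```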
Payment Security
All payments on Holdyn are processed through Stripe, a leading global payment processor.
PCI DSS Level 1: Stripe maintains PCI DSS Level 1 certification, the most stringent level of security certification in the payments industry.
Fund Custody: Holdyn does not directly hold user funds. All funds are held securely by Stripe until transaction conditions are met.
Fraud Protection: Stripe provides built-in fraud detection and prevention using machine learning and advanced algorithms.
Regulatory Compliance: Stripe is a licensed money transmitter and complies with all applicable financial regulations.
Data Handling Practices
We are committed to handling your data responsibly and transparently.
What We Collect
- Account information (name, email, phone)
- Transaction details and history
- Identity verification documents (processed by Stripe)
- Usage data for service improvement
What We Don't Do
- We don't store credit-card numbers, CVVs, or full bank-account details
- We don't sell your data — ever, to anyone
- We don't share data with marketing or advertising networks. Sharing is limited to the essential service providers listed in our Privacy Policy
- We don't retain personal data beyond what legal and regulatory requirements demand
For complete details on how we handle your data, please review our Privacy Policy.
Security Concerns?
If you have security concerns or want to report a vulnerability, please contact our security team.
Contact Us