
Security & Payment Policy

Effective Date:
Last Updated:

Executive Summary

FairFate uses industry-standard security practices to protect your payment information and personal data.

Key Points:

  • Secure payment processing via certified payment processor
  • Encrypted connections for all data transmission
  • Zero storage of credit card numbers on our servers
  • Tokenization for all payment information
  • Security monitoring and fraud detection

Payment Processing

We Never See Your Card Details

FairFate never stores or transmits your full credit card information.

Payment information is sent directly to our payment processor via encrypted connection. We only receive a secure token in return.

What We Store

  • Payment token - secure identifier for processing future transactions
  • Last 4 digits - for your reference only
  • Card brand (Visa, Mastercard, etc.) - for display only
  • Billing address - for tax compliance and fraud prevention

What We NEVER Store

  • Full card number (PAN - Primary Account Number)
  • CVV/CVC code (Card Verification Value)
  • Card PIN or authentication codes
  • Magnetic stripe data
  • Unencrypted payment credentials

Security Layers

Layer 1: Transport Encryption

All data transmitted to/from FairFate is encrypted via HTTPS.

  • Standard HTTPS/TLS encryption for all connections
  • SSL/TLS certificates for secure communication
  • Encrypted data transmission between your browser and our servers

What this means: Even if someone intercepts network traffic, they cannot decrypt your payment information.

Layer 2: Payment Tokenization

Sensitive payment data is converted into secure tokens.

How it works:

  1. You enter payment info on our site
  2. Data sent directly to payment processor (bypasses our servers)
  3. We receive only a secure token
  4. FairFate stores only the token (useless to attackers)
  5. Future charges use token (never raw card data)

Benefits:

  • We cannot accidentally leak your card data
  • Tokens are useless if stolen
  • Industry standard for security

Layer 3: Database Encryption

All stored data is encrypted at rest.

  • Industry-standard encryption for all sensitive data
  • Passwords, tokens, and documents are encrypted
  • Role-based access controls
  • All backups encrypted separately

Layer 4: Network Security

Network protection measures.

  • Rate Limiting: Prevents brute force attacks
  • Access Controls: Restricted admin access

Layer 5: Application Security

Code-level security controls.

Input Sanitization:

  • All user inputs sanitized to prevent attacks
  • SQL injection prevention
  • File upload validation and malware scanning

CSRF Protection:

  • Token-based protection
  • Validation on all state-changing requests

Authentication:

  • Industry-standard password hashing
  • Multi-factor authentication available
  • Secure session management
  • Auto-logout after inactivity

Authorization:

  • Role-based access control
  • Permission checks on every request
  • Admin actions require re-authentication

Layer 6: Rate Limiting

Prevents abuse and ensures availability.

  • Rate limiting on authentication, payments, and API endpoints
  • Automatic blocking of suspicious traffic patterns

Payment Transmission Security

All payment data is transmitted securely:

  • Card information sent directly to payment processor (never touches our servers)
  • Only secure tokens are returned to FairFate
  • All transactions use encrypted connections
  • Audit trail maintained for all payment operations

Payment Processor Security:

Our payment processor maintains:

  • PCI DSS Level 1 certification (highest compliance level)
  • End-to-end encryption
  • Fraud detection systems
  • 3D Secure (3DS) support
  • Address and CVV verification

Fraud Prevention

Transaction Monitoring

Real-time fraud detection:

Automated Checks:

  • Address verification
  • Card validation
  • Location matching
  • Purchase pattern analysis
  • Device verification

Manual Review:

  • High-value transactions
  • First-time international orders
  • Unusual patterns

3D Secure (3DS)

Extra authentication for online payments.

  • Bank verification for high-risk transactions
  • Liability protection for customers
  • Frictionless for most transactions

Creator Payment Protection

For sellers receiving payouts:

  • KYC Verification: Identity verification before first payout
  • Bank Account Validation: Micro-deposits verify ownership
  • Fraud Monitoring: Unusual payout patterns flagged
  • Chargeback Protection: Creators protected from friendly fraud
  • Reserve Accounts: Held for 30 days for new creators


Data Protection Standards

FairFate follows security and privacy best practices, including regular code reviews and security monitoring.


Incident Response

Data Breach Protocol

In the unlikely event of a data breach:

Within 24 hours:

  1. Contain the breach (isolate affected systems)
  2. Assess scope (what data was accessed)
  3. Notify law enforcement (if criminal)
  4. Begin forensic investigation

Within 72 hours:

  5. Notify affected customers via email
  6. Notify regulators (if legally required)
  7. Provide mitigation steps (password reset, monitoring recommendations)

Ongoing:

  8. Publish incident report (transparency)
  9. Implement fixes and improvements
  10. Third-party security audit

What We’ll Disclose

  • What happened (root cause analysis)
  • What data was affected (specific fields)
  • What we’re doing (remediation steps)
  • What you should do (actionable advice)
  • How we’re preventing recurrence

What we won’t disclose:

  • Security measures (to prevent exploitation)
  • Third-party vulnerabilities (responsible disclosure)

Your Security Responsibilities

Protect Your Account

  • Strong passwords: Minimum 12 characters, mixed case, numbers, symbols
  • Unique passwords: Don’t reuse across sites
  • Enable MFA: Multi-factor authentication (highly recommended)
  • Verify emails: Check sender before clicking links
  • Log out on shared devices
  • Monitor account activity regularly

Recognize Phishing

FairFate will NEVER:

  • Email requesting your password
  • Ask for your full card number via email
  • Request your CVV or PIN
  • Send unsolicited attachments
  • Use urgent/threatening language

Red flags:

  • Misspelled domain (fairfate.com vs fairfate-secure.com)
  • Generic greetings (“Dear customer” vs your name)
  • Urgent action required
  • Suspicious links (hover to preview URL)

If suspicious: Forward to martin@fairfate.com

Report Security Issues

Found a vulnerability?

Email: martin@fairfate.com

Please report security issues responsibly by contacting us directly.


Infrastructure Security

Cloud Hosting

Infrastructure:

  • Database: Encrypted database with role-based access controls
  • Storage: Encrypted file storage
  • Backups: Regular encrypted backups, 30-day retention

Data Residency

  • Primary: United States

Disaster Recovery

  • Backups: Regular automated backups
  • Retention: 30-day backup retention policy

Audit Logging

What We Log

All security-relevant events are logged:

  • Authentication: Login attempts, password changes, MFA events
  • Authorization: Permission checks, access denials
  • Payments: All transactions, refunds, payouts
  • Admin Actions: KYC approvals, merchant reviews, user modifications
  • Data Access: Who accessed what, when
  • Security Events: Failed login attempts, rate limiting triggers

Log Retention

  • Security logs: 12 months minimum
  • Audit logs: 7 years (compliance requirement)
  • Payment logs: 7 years (PCI/tax requirement)
  • Access logs: 90 days

Log Protection

  • Logs are encrypted and securely stored
  • Monitored for suspicious patterns

Specific Security Implementations

File Upload Security

Protecting against malicious files:

  • Malware scanning: All uploads scanned for threats
  • File type validation: Whitelist of allowed formats
  • Size limits: Maximum file size enforced
  • Quarantine: Suspicious files held for review
  • Encrypted storage: Files encrypted at rest
  • Access control: Only the owner can download

KYC Document Security

Merchant identity verification:

  • End-to-end encryption: Documents encrypted before upload
  • Access logging: Every view of KYC docs logged
  • User consent required: Access granted only with explicit permission or legal requirement
  • Retention policy: 7 years (AML compliance)
  • Secure deletion: Cryptographic erasure after retention


Payment Security FAQs

Is my payment information safe?

Yes. FairFate never stores your credit card number. We use a PCI Level 1 certified payment processor, which is the highest security standard in the industry.

What if my card is stolen?

Contact us immediately. We’ll freeze your account, review recent transactions, and assist with refunds if fraudulent charges occurred.

Do you support 3D Secure?

Yes. For high-risk transactions, we require additional bank verification.

Can I see my full card number?

No. For security, we only display the last 4 digits. To change payment methods, you must enter a new card.

How do I delete my payment method?

Account Settings → Payments → Remove. The token is immediately invalidated and cannot be used for future charges.


Contact

Email: martin@fairfate.com


Updates to This Policy

This security policy is reviewed and updated as needed for new features, security incidents, or changes to our practices.

Material changes:

  • Notice via email
  • Updates posted to this page

FairFate is committed to maintaining the highest security standards. Your trust is our top priority.

  • Version: 2.0
  • Effective: January 1, 2025
  • Next Review: April 1, 2025