Security – SetuTau Network

Last updated: March 2026

1. Overview

SetuTau Network takes security seriously. This document outlines how we protect your data and payments.

2. Payment Security

2.1 PayFast Integration

  • All payments are processed by PayFast, a PCI-compliant payment gateway
  • We do not store, transmit, or have access to card numbers or CVV
  • PayFast handles card data in accordance with PCI DSS requirements

2.2 Merchant Credentials

  • Merchant PayFast credentials (merchant ID, passphrase) are encrypted at rest using industry-standard encryption
  • Credentials are only decrypted server-side when needed to verify payment notifications
  • We never log or expose plaintext credentials

2.3 Split Payments

  • Commission is applied via PayFast split payments
  • Funds flow directly from customer to merchant and platform; we do not hold funds

3. Data Protection

3.1 Authentication

  • User authentication is handled by Supabase Auth (built on GoTrue)
  • Passwords are hashed; we do not store plaintext passwords
  • Session tokens are managed securely via HTTP-only cookies where applicable

3.2 Data Storage

  • Data is stored in Supabase (PostgreSQL)
  • Row Level Security (RLS) restricts access to data based on user roles
  • Sensitive fields (e.g. PayFast credentials) are encrypted before storage

3.3 Transport

  • All traffic is served over HTTPS
  • TLS is used for API and database connections

4. Access Control

  • Customers – Access only their own receipts and account data
  • Merchants – Access only their own store, bookings, and team data
  • Platform admins – Access platform-wide data for support and compliance
  • Access is enforced at the database and API layers

5. Monitoring and Incident Response

  • We monitor for unusual activity and errors
  • Security incidents are investigated and addressed promptly
  • We will notify affected users where required by law

6. Best Practices for Users

  • Use a strong, unique password
  • Do not share your PayFast credentials or account access
  • Report suspicious activity to the Platform administrator
  • Keep your contact and business information up to date

7. Contact

For security concerns or to report vulnerabilities, contact the Platform administrator.
