Security at OptiPay
Protecting your financial data is our top priority. We use modern, industry-standard security technology to keep your data safe.
Encryption in transit and at rest
All data is encrypted in transit with TLS 1.3 and at rest with AES-256. Keys are managed securely and rotated periodically.
Two-factor authentication (2FA)
An extra layer of protection for your account with two-factor authentication. Supports authenticator apps and SMS codes.
Secure cloud infrastructure
We host on leading cloud infrastructure certified to international standards, including SOC 2 and ISO 27001 (these certifications belong to our infrastructure providers, Supabase, Vercel, not to OptiPay directly).
Monitoring and access control
24/7 monitoring systems detect suspicious activity in real time. Every access to data is logged and audited.
Security reviews & verifications
We passed an external CASA Tier 2 security assessment, and the app is verified by both Google (OAuth app verification) and Microsoft (verified publisher). We also run automated security scans in our CI pipeline and perform periodic security reviews.
Backup and recovery
Encrypted automated backups run every day. We target availability of 99.9% or higher, with an RTO goal of 2 hours or less and an RPO goal of 24 hours or less.
Compliance
Sub-processors
The following providers process personal data on our behalf. Each provider is bound by a Data Processing Agreement (DPA) with EU Standard Contractual Clauses (SCCs), or under the Data Privacy Framework, depending on the region of operation. We will give at least 30 days' notice of any change, by email or via an in-app banner.
Last updated: May 24, 2026
Found a security vulnerability? Report it responsibly at security@optipay.co.il