End-to-End Encryption
All data transmitted between your browser and KolectPay is encrypted using TLS 1.3. No data is ever sent over plain HTTP.
Secure Payment Processing
All payment processing is handled by regulated and licensed payment service providers in Ghana. We never store card details or mobile money PINs.
KYC Verification
Every business on the platform goes through identity and document verification before being activated, ensuring only legitimate businesses operate.
Secure Authentication
Passwords are hashed using bcrypt and are never stored in plain text. Two-Factor Authentication (2FA) is available for all accounts.
Access Controls
Role-based access control ensures business owners, staff, and admins only see what they are authorised to access. All sensitive actions are logged.
Customer Consent First
No money is ever deducted from a customer's wallet without their explicit approval via a USSD or OTP mandate โ initiated by the customer themselves.
Responsible Disclosure
If you discover a security vulnerability in KolectPay, we encourage responsible disclosure. Please contact our security team directly at security contact form and do not publicly disclose the issue until we have had a chance to investigate and resolve it. We aim to respond to all security reports within 48 hours.
Data Storage
All platform data is stored on servers located within protected data centres. Database backups are performed daily and retained for 30 days. Sensitive documents (KYC files) are stored in encrypted cloud storage with strict access policies.
Uptime & Reliability
KolectPay targets 99.9% uptime. Scheduled maintenance windows are communicated in advance via email and platform banners. Our infrastructure is monitored 24/7 with automated alerts for any service degradation.
Webhook Security
All incoming webhooks from our payment partners are verified using HMAC signature validation before any transaction update is processed. This prevents unauthorised parties from injecting fake payment notifications into the system.