ChapaChapa Docs

Security Guide

Best security tools and practices to maintain a high level of security at Chapa

This document explains how we use the best security tools and practices to maintain a high level of security at Chapa.

HTTPS for Secure Connections

Chapa uses HTTPS for all the services and websites using TLS (SSL). Chapa's libraries connect to Chapa's server over TLS and with every connection, the TLS will be verified.

Always ensure your integration uses HTTPS endpoints. Never send sensitive data over unencrypted connections.

Encryption of Data

All card numbers are encrypted at rest with AES-256. None of Chapa's internal servers can obtain plaintext card numbers. Chapa's framework for storing and transmitting card numbers runs in a separate environment and is not a part of Chapa's primary services, ensuring security over your credentials.

Privacy Policy and Terms

Chapa's Privacy Policy and Terms detail clients' privacy rights concerning their acquaintance with the company and how it gathers, assembles, uses, shares, and protects their personal data.

These terms are to be implemented on every platform owned by Chapa - websites, applications, Social Media Pages, and any other tools or services - no matter how the client gains access to them. However, third-party platforms that are NOT owned by Chapa are NOT to be abided by these terms as they aren't applicable to them.

Chapa regards and honors the importance of its clients' privacy and consent. Therefore, we hereby declare that we will go above and beyond to protect and secure the information you entrust with Chapa.

Revision, Updates & Amendments

Due to the constant change in technology, it is a must to adjust our policies accordingly. Chapa reserves the right to revisit, revise, update and amend its privacy policies as need be. Terms are effective and valid in regards to the date provided below. Referring to this date, it is our advice that you check the terms from time to time.

If you have any disagreement with what is stated in these terms, you are expected to stop interacting with the platform and dismiss your account (if you have created one).

Age

Our services are strictly provided to users that age 18 and above. Chapa is not responsible for any information that is acquired through a user that doesn't meet the age limit mentioned above. However, any party that claims they had their private data released without permission can contact us through the contact details provided on this page.

Data Gathered by Chapa

1. Personal Data

To get our services running we are obligated to gather some of our users' personal data, such as First and Last names, phone numbers, e-mails, addresses, bank details, etc. Occasionally, anonymous details such as 'IP address' might be collected as well. Current, past, and prospective employees, suppliers/vendors, customers of companies, and individuals that deal with Chapa - all lie under the term 'Users'.

All collected and gathered data is protected by laws, principles, rules, and regulations ensuring security.

Creating a Chapa account is required in order to gain access to our services. By creating an account you give us access to your personal data. Your personal data will be used for the following purposes:

  • To Give you access to our services.
  • To attend to your needs.
  • To Address inappropriate use of our website.
  • To provide you with marketing content, newsletters, and service updates by Chapa. (You will have the option to 'unsubscribe' if you are no longer interested in this service.)
  • To Maintain daily records.
  • For Identity Verification.

2. Cookies

Cookies allow servers to register and recall IP addresses, web traffic, time and date stamps of platform visits, as well as defend against deceptive activities. However, cookies do not store and withhold sensitive data. They are present to gather special yet random information in order to identify you as a user whenever you revisit the site and eventually give you what is needed.

To give you a smoother experience, ensure security, and customize your needs accordingly, Chapa uses Cookies.

Although it may impact your user experience, you will be given the option to disable Cookies while accessing Chapa's website and other platforms.

Security Best Practices

For Developers

  • Keep your Secret Key private: Never expose your secret key in client-side code or public repositories
  • Use HTTPS: Always use HTTPS endpoints for all API calls
  • Validate webhooks: Always verify webhook signatures to ensure requests are from Chapa
  • Verify transactions: Always verify transaction status on your server before fulfilling orders
  • Use environment variables: Store API keys securely using environment variables
  • Implement rate limiting: Protect your endpoints from abuse
  • Regular security audits: Regularly review your integration for security vulnerabilities

For Merchants

  • Secure your account: Use strong passwords and enable two-factor authentication if available
  • Monitor transactions: Regularly review your transaction logs for suspicious activity
  • Keep software updated: Ensure your systems and integrations are up to date
  • Train your team: Educate your team on security best practices

Next Steps- High Risk Businesses - Learn about high-risk business considerations

Get Virtual Account Credit History

Retrieve all credit transactions for a specific virtual account

High Risk Businesses

Industries identified as high risk and their payment processing considerations

On this page

HTTPS for Secure Connections
Encryption of Data
Privacy Policy and Terms
Revision, Updates & Amendments
Age
Data Gathered by Chapa
1. Personal Data
2. Cookies
Security Best Practices
For Developers
For Merchants
Next Steps- High Risk Businesses - Learn about high-risk business considerations