PayChainHQ

Security Overview

PayChainHQ is designed to reduce operational risk in crypto payment infrastructure by keeping sensitive actions behind layered controls instead of exposing them directly to end users.

Last updated March 8, 2026

Applies to public site, dashboard, API, and hosted invoice surfaces

Security principles

  • Separate staging and live environments, with explicit approval gates for production access.
  • Least-privilege access, team roles, step-up authentication, and audit visibility for privileged actions.
  • Operationally explicit payment, webhook, and treasury workflows rather than opaque background behavior.

Key and treasury management

PayChainHQ uses MPC-backed key infrastructure to reduce direct key exposure in production treasury operations.

Where applicable, wallet and treasury signing flows are powered by Turnkey as part of the platform’s controlled operational model.

Authentication, API, and webhook controls

  • Server-side API access is designed around API keys and authenticated dashboard sessions.
  • Sensitive dashboard operations can require recent password step-up.
  • Webhook events include signature metadata so recipients can verify authenticity before processing.

Monitoring and operational controls

The platform uses audit logs, request identifiers, delivery logs, and environment-aware control flows to monitor critical actions and support investigation.

We also use queueing, reconciliation, and operational review steps for treasury and billing flows where appropriate.

Customer responsibilities

  • Store API keys and webhook secrets in a proper secrets manager.
  • Verify webhook signatures before acting on payment events.
  • Restrict dashboard access to authorized team members only.
  • Review invoice, withdrawal, and billing activity regularly.

Reporting security concerns

If you identify a security issue, contact the PayChainHQ team through the get-started or support channel with enough detail to reproduce the issue safely. Please avoid testing that could disrupt production systems or expose customer funds.