🔒 Enterprise-Grade Security

Bank-Level Security & Privacy

Your data is protected by the same security infrastructure used by Fortune 500 companies. We take your privacy seriously.

Industry-Leading Compliance

We meet or exceed all major security and privacy standards

PCI DSS Level 1

The highest level of payment card industry security compliance.

  • Certified secure card data handling
  • Annual security audits
  • Tokenization & encryption
  • Network segmentation

SOC 2 Type II

Independent verification of security, availability, and confidentiality controls.

  • Annual third-party audits
  • Operational integrity verified
  • Data protection certified
  • Continuous monitoring

GDPR & CCPA

Full compliance with US and EU data privacy regulations.

  • Right to access your data
  • Right to deletion
  • Data portability
  • Privacy by design

Military-Grade Encryption

Your data is protected at every layer with enterprise-grade encryption

256-bit AES Encryption

All data at rest is encrypted with AES-256, the same encryption used by the US military and banks worldwide.

TLS 1.2+ in Transit

All data transfers use TLS 1.2 or higher encryption, preventing interception and man-in-the-middle attacks.

Field-Level Encryption

Sensitive fields like SSN, bank accounts, and card data receive additional encryption layers.

Enterprise Infrastructure Partners

We partner with industry-leading platforms to ensure your data is always secure and available

Airtable

Database & Application Platform

🔐 Security Certifications

  • SOC 2 Type II
  • GDPR Compliant
  • CCPA Compliant
  • ISO 27001 (In Progress)

🛡️ Data Protection

  • 256-bit AES encryption at rest for all stored data
  • TLS 1.2+ encryption for all data in transit
  • Field-level encryption for sensitive data
  • Automatic daily backups with point-in-time recovery
  • Data residency options (US & EU regions)

🔑 Access Controls

  • Role-based access controls (RBAC) with granular permissions
  • Two-factor authentication (2FA) via SMS or authenticator apps
  • Single sign-on (SSO) with SAML 2.0 support
  • IP allowlisting to restrict access to specific networks
  • Audit logs tracking all user actions and data changes

🌐 Infrastructure Security

  • DDoS protection via Cloudflare
  • Third-party penetration testing
  • Secure API access with rate limiting
  • Token-based authentication
  • Hosted on Amazon Web Services (AWS)

Note: Airtable is NOT HIPAA compliant by default. HIPAA compliance requires an Enterprise Grid plan with a signed BAA. We do not store PHI (Protected Health Information).

Cloudinary

Media Management & CDN

🔐 Security Certifications

  • SOC 2 Type II
  • ISO 27001
  • GDPR Compliant
  • Privacy Shield

🛡️ Document Protection

  • Secure document storage with encryption at rest
  • TLS 1.2+ encryption for all uploads and downloads
  • Private CDN delivery with signed URLs
  • Automatic virus and malware scanning
  • Role-based access to uploaded documents

📁 What We Store on Cloudinary

We use Cloudinary to securely store and deliver application documents:

  • Driver's licenses (government-issued IDs)
  • Business licenses
  • Voided checks (bank account verification)
  • Bank statements
  • Processing statements

🌐 Global Infrastructure

  • Multi-region redundancy (US, EU, Asia)
  • 99.99% uptime SLA
  • DDoS protection and web application firewall
  • Automatic backups and disaster recovery
  • Enterprise-grade CDN with 300+ edge locations

Security FAQs

Common questions about our security practices

How do you protect my sensitive data?

All sensitive data (SSN, bank accounts, card numbers) is encrypted with 256-bit AES encryption at rest and TLS 1.2+ in transit. We use field-level encryption for the most sensitive fields, meaning they receive additional encryption layers on top of database encryption. We also implement role-based access controls (RBAC) to ensure only authorized personnel can access your data.

Where is my data stored?

Your application data is stored on Airtable's infrastructure (hosted on Amazon Web Services in the United States with EU options available). Uploaded documents (licenses, statements, etc.) are stored on Cloudinary's global CDN with encryption and redundancy across multiple regions. Both platforms are SOC 2 Type II certified and GDPR compliant.

Do you sell or share my data?

Absolutely not. We never sell your data to third parties. Your information is only shared with payment processors as necessary to provide our services. We are fully CCPA and GDPR compliant, giving you the right to access, delete, or port your data at any time.

How often do you back up my data?

Airtable performs automatic daily backups with point-in-time recovery capabilities. Cloudinary maintains multi-region redundancy with automatic backups. In the event of a disaster, your data can be restored with minimal to zero data loss.

Are you HIPAA compliant?

Our standard platform is NOT HIPAA compliant. Airtable only offers HIPAA compliance on Enterprise Grid plans with a signed Business Associate Agreement (BAA). We do not store Protected Health Information (PHI) or medical records. If you need HIPAA-compliant payment processing, please contact us for enterprise options.

How do you handle security incidents?

We have a comprehensive incident response plan that includes immediate detection, containment, and notification. In the unlikely event of a security breach, we will notify affected users within 72 hours per GDPR requirements. Our infrastructure partners (Airtable, Cloudinary) also have dedicated security teams monitoring 24/7.

Can I audit your security practices?

Enterprise customers can request our SOC 2 Type II reports and third-party penetration test results. We also provide detailed security documentation and can arrange security reviews for large deployments. Contact hello@midpay.me for audit requests.

Your Data. Your Privacy. Our Priority.

Join 1,000+ businesses trusting MidPay with their payment processing
