trust center

Built to pass your security review.

AffiliateHubPro runs the money. We treat that like a regulated workload — Stripe on the payment rail, append-only on the ledger, RLS at the database, audit logs across the platform. Powered by Conduit™.

Request security packet Download DPA

Security

Defense-in-depth across the stack — encrypted in transit and at rest, RLS at the database, idempotent webhooks, audit logs.

Security details

Compliance

GDPR, CCPA, DAC7, PCI-DSS via Stripe, SOC 2 Type II in progress. DPA, subprocessor list, and audit packets on request.

Compliance overview

Reliability

99.95% rolling uptime, multi-region failover, idempotent ledger writes, point-in-time database recovery up to 7 days.

Status & uptime

// principles

Four commitments we won't compromise on.

Funds never sit with us

Stripe holds the money. We orchestrate payments, post the ledger, and never custody merchant or affiliate funds.

Tenants are isolated by default

Row-level security enforces per-merchant boundaries at the database, not the application — even a buggy query can't leak across tenants.

Every event is auditable

Charges, top-ups, commissions, refunds, payouts — all append-only with the actor, IP, and timestamp recorded.

Least privilege, always

Production access is short-lived, two-person, and logged. Engineers never see raw payment instruments.

Encryption

TLS 1.3 in transit · AES-256 at rest

Hosting

EU & US regions · Cloudflare edge

Audit logs

Append-only · 13-month retention

Uptime

99.95% rolling 90-day SLO

Reporting something? Talk to us directly.

Vulnerability disclosure, abuse, takedown, or compliance inquiries — every report reaches a human within one business day.

Security disclosuresecurity@affiliatehubpro.com Privacy & DPAprivacy@affiliatehubpro.com Abuse & takedownabuse@affiliatehubpro.com