Encryption
CashXChain protects sensitive data through encryption in transit, encryption at rest, access controls, and operational safeguards.
In transit
API requests and webhooks use HTTPS. Customers must use TLS-enabled endpoints for webhook delivery.
At rest
Sensitive platform data is encrypted at rest using cloud-native encryption and managed key controls where applicable.
Secrets
API keys, webhook signing secrets, partner credentials, and operational secrets must be stored in approved secret management systems. They must not be stored in source code, public logs, analytics tools, or client-side applications.
Webhook signing
Webhook payloads are signed so customers can verify authenticity and integrity. Always verify signatures before processing an event.
Customer data
Customers should minimize sensitive data sent in metadata fields. Required compliance or payment data should be provided through the correct structured fields.
Key rotation
CashXChain supports rotation of API keys and webhook secrets. Customers should rotate credentials regularly and after any suspected exposure.
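The following is an added example, not CashXChain's own code, showing the verification described under Webhook signing combined with a rotation window as described under Key rotation. The page does not specify the signing scheme, so hex-encoded HMAC-SHA256 over the raw request body is an assumption, as are the function names, secrets, and sample event.

```python
import hashlib
import hmac
import json

# Constructed sample values; real secrets belong in a secret manager.
OLD_SECRET = b"constructed-old-webhook-secret"
NEW_SECRET = b"constructed-new-webhook-secret"
SAMPLE_BODY = b'{"id":"evt_constructed_1","type":"example.event"}'


def sign(secret: bytes, raw_body: bytes) -> str:
    """Assumed scheme: hex-encoded HMAC-SHA256 of the raw request body."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify(raw_body: bytes, signature, active_secrets) -> bool:
    """Return True if the signature matches under any active secret."""
    if not signature:
        return False
    try:
        received = bytes.fromhex(signature.strip())
    except ValueError:
        return False  # malformed signature value
    valid = False
    for secret in active_secrets:
        expected = hmac.new(secret, raw_body, hashlib.sha256).digest()
        # Constant-time comparison; every secret is checked, no early exit.
        valid |= hmac.compare_digest(expected, received)
    return valid


def handle_webhook(raw_body: bytes, signature, active_secrets):
    """Verify over the exact bytes received, and only then parse the event."""
    if not verify(raw_body, signature, active_secrets):
        return None  # reject: do not parse or act on unverified payloads
    return json.loads(raw_body)


if __name__ == "__main__":
    during_rotation = [NEW_SECRET, OLD_SECRET]
    print(handle_webhook(SAMPLE_BODY, sign(OLD_SECRET, SAMPLE_BODY), during_rotation))
    print(handle_webhook(SAMPLE_BODY, sign(OLD_SECRET, SAMPLE_BODY), [NEW_SECRET]))
```

Once rotation is complete, remove the old secret from the active list so that signatures made with it are rejected.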