Security overview

CashXChain is built for business-critical financial workflows. Security is designed across identity, API access, data handling, infrastructure, partner routing, and operational processes.

Security principles

Least privilege access.
Strong environment separation.
Server-side secret handling.
Defense in depth.
Auditability by default.
Secure-by-design API workflows.
Zero-custody architecture target.
Partner governance for regulated execution.

Customer responsibilities

Customers are responsible for securing their own systems, API keys, webhook endpoints, user permissions, approval workflows, and downstream reconciliation processes.

CashXChain responsibilities

CashXChain is responsible for protecting the platform, API, dashboard, orchestration logic, audit records, and customer data under its control.

Partner responsibilities

Regulated partners are responsible for the services they provide, including custody, payment execution, settlement, screening, and local rail access where applicable.

Security reviews

Before production access, CashXChain may review your integration for:

API key storage.
Webhook signature verification.
Retry and idempotency handling.
Access controls.
Incident contacts.
Expected payment volume.
Compliance process alignment.

Reporting security issues

Report suspected vulnerabilities to the security contact listed in Disclosure. Do not test against production accounts or real customer data without authorization.

Security principles​

Customer responsibilities​

CashXChain responsibilities​

Partner responsibilities​

Security reviews​

Reporting security issues​