Trust & Compliance

All data is processed and stored exclusively in AWS ap-southeast-1 (Singapore). No data leaves the jurisdiction. Aurora PostgreSQL Multi-AZ with automatic failover ensures zero data loss.

Eight independent security layers: CloudFront DDoS → WAF → TLS 1.3 → API Key Auth → RBAC → Rate Limiting → Risk Engine → KMS Encryption. No single point of failure.

Every API call, every state change, every admin action is logged to an append-only audit trail. No UPDATE or DELETE permissions. Synced to S3 for 7-year retention.

Prepaid wallet model with Redis hard-stop flag. When balance reaches zero, all API calls are rejected within 1ms. No post-pay, no debt accumulation, no billing disputes.

API keys are 256-bit cryptographically random, SHA-256 hashed at rest. Plaintext shown once at creation, never stored. Redis cache with 300s TTL. Instant revocation via DEL.

Registered for GST with IRAS (Singapore). All invoices include 9% GST for Singapore customers. Full tax invoice with UEN, auto-generated on every top-up.