Standards & compliance

Mewayz runs the day-to-day operations of thousands of businesses, so the platform is built to clear, well-established technical and data-protection standards. This page summarizes the practices we follow; our security page covers the controls behind them in more detail.

Data protection & privacy

• GDPR — we process personal data on documented legal bases, honour access, correction, and deletion requests, and support data-processing agreements for customers who need them.
• Data ownership — your data is yours. We never sell it, and we never use customer data to train AI models.
• Portability — every workspace can export its data in open formats at any time, so leaving Mewayz is a one-click decision rather than a lock-in.

Encryption

• In transit — all traffic is served over TLS 1.2+ with HTTPS enforced end to end.
• At rest — databases and file storage are encrypted at rest using industry-standard AES-256.
• Secrets — credentials and API keys are stored in a dedicated secrets manager, never in plaintext.

Reliability

The platform is designed for high availability with automated, verified backups and monitored recovery procedures. You can check current and historical uptime on our status page.

Secure development

• Code review and automated testing gate every change before it ships.
• Dependencies are continuously scanned for known vulnerabilities.
• Access to production systems follows least-privilege and is logged and audited.
• Vulnerability reports are welcomed at [email protected] and triaged within one business day for critical issues.

Payments

Card payments are handled by PCI-DSS-compliant processors (Stripe and Razorpay). Mewayz never stores raw card numbers on its own servers.

Related

Read more about our security practices, privacy policy, and accessibility commitment.