Money protection
Payroll routing is designed around regulated banking partner infrastructure, separation from operating funds, reconciliation and incident controls.
Security and compliance
Your money and data, protected by design.
tPay365 is being built so payroll money, bank details and identity data are handled through encrypted storage, controlled access, audit-ready workflows and regulated banking partner infrastructure.
AES-256Encryption at restSensitive personal data is stored as encrypted vault data.
0Plaintext PII at restOperational systems use references, masks and controlled retrieval.
AuditEvery access recordedPersonal-data operations emit structured audit events.
Security and compliance
Your money and data, protected by design.
tPay365 is being built so payroll money, bank details and identity data are handled through encrypted storage, controlled access, audit-ready workflows and regulated banking partner infrastructure.
Assurance record
Built for trust
AES-256Encryption at restSensitive personal data is stored as encrypted vault data.
0Plaintext PII at restOperational systems use references, masks and controlled retrieval.
AuditEvery access recordedPersonal-data operations emit structured audit events.
Security shapes how money moves, how personal data is stored and how access is evidenced.
What we protect
Money, identity and compliance evidence stay under control.
Data protection
Identity, bank and payroll data are encrypted, minimised and only retrieved through authenticated workflows.
Compliance evidence
Important actions are timestamped, attributed and structured so compliance teams can review what happened and why.
Data lifecycle
From collection to deletion.
Personal data should only be collected when it is needed, encrypted when stored, retrieved through authorised paths and removed when it is no longer required.
01
Collection
Personal data enters through controlled product flows, API requests or payroll file processing. Inputs are validated before storage.
02
Encryption
Sensitive fields are encrypted using AES-256-CBC with a fresh initialisation vector for each stored record.
03
Storage
Encrypted vault records are separated from product logic and referenced through opaque identifiers rather than plaintext values.
04
Use
When data is needed, it is retrieved through authorised access paths, freshly decrypted and audit-logged. Plaintext is not cached.
05
Deletion
Deletion requests go through an audited erasure workflow, with legal-retention checks where financial records must be preserved.
Active accounts
Retained only while needed to operate the account.
Deleted accounts
Routed through an audited deletion and legal-retention workflow.
Audit logs
Kept as evidence without plaintext PII in log rows.
Payroll files
Processed data is controlled separately from raw uploads.
Data lifecycle
From collection to deletion.
Personal data should only be collected when it is needed, encrypted when stored, retrieved through authorised paths and removed when it is no longer required.
01
Collection
Personal data enters through controlled product flows, API requests or payroll file processing. Inputs are validated before storage.
02
Encryption
Sensitive fields are encrypted using AES-256-CBC with a fresh initialisation vector for each stored record.
03
Storage
Encrypted vault records are separated from product logic and referenced through opaque identifiers rather than plaintext values.
04
Use
When data is needed, it is retrieved through authorised access paths, freshly decrypted and audit-logged. Plaintext is not cached.
05
Deletion
Deletion requests go through an audited erasure workflow, with legal-retention checks where financial records must be preserved.
Active accounts
Retained only while needed to operate the account.
Deleted accounts
Routed through an audited deletion and legal-retention workflow.
Audit logs
Kept as evidence without plaintext PII in log rows.
Payroll files
Processed data is controlled separately from raw uploads.
Security controls
Practical controls people can understand.
Security should show up in ordinary product behaviour: fewer full identifiers on screen, tighter access to sensitive records and a clear trail whenever personal data is used.
Encrypted vault storage
Bank details, identity fields and other PII are stored encrypted rather than left in application tables as readable text.
Least-privilege access
Internal access is scoped to the action being performed, with authentication and rate controls around sensitive paths.
Masked display
Product screens show partial identifiers where possible, such as the last digits of an account number, not the full value.
Audited deletion
Right-to-erasure workflows are authenticated, recorded and designed to remove personal data when it is no longer required.
Masked display
Full details stay hidden by default.
Email
al****@example.comAccount number
****5678Sort code
12-****NI number
****456CThe interface should reveal enough to confirm the record without exposing the original value.
Security controls
Practical controls people can understand.
Security should show up in ordinary product behaviour: fewer full identifiers on screen, tighter access to sensitive records and a clear trail whenever personal data is used.
Masked display
Full details stay hidden by default.
Email
al****@example.comAccount number
****5678Sort code
12-****NI number
****456CThe interface should reveal enough to confirm the record without exposing the original value.
Encrypted vault storage
Bank details, identity fields and other PII are stored encrypted rather than left in application tables as readable text.
Least-privilege access
Internal access is scoped to the action being performed, with authentication and rate controls around sensitive paths.
Masked display
Product screens show partial identifiers where possible, such as the last digits of an account number, not the full value.
Audited deletion
Right-to-erasure workflows are authenticated, recorded and designed to remove personal data when it is no longer required.
Compliance posture
Built with regulation in mind from day one.
tPay365 is pre-launch. The right promise now is disciplined design: safeguarding, privacy, auditability and partner segmentation are being built into the product before public scale.
01
Safeguarding by design
The money flow is being built around regulated banking partner infrastructure, customer-fund separation and reconciliation evidence.
02
UK GDPR
Data minimisation, access evidence, portability and deletion workflows are design requirements, not afterthoughts.
03
Payment security
The platform is designed to avoid direct card-data storage and to rely on specialised payment and banking partners where appropriate.
Responsible disclosure
Found a security issue? Tell us directly.
We welcome responsible security research. Send reproduction steps and impact details so the issue can be triaged and resolved.