Security and compliance, treated as table stakes.
ReliaPay is built to meet the same bar as the global processors we connect to — and the local regulators we operate under. Trust isn't a tagline; it's how we engineer.
Encryption everywhere
TLS 1.3 in transit and AES-256 at rest. Card data is tokenised on entry and never reaches your servers.
Fraud & risk
Machine-learning fraud scoring, velocity rules, and 3-D Secure 2 step-up — tunable per merchant.
Resilient infrastructure
Multi-region active-active architecture. 99.99% uptime SLA with public status page and post-mortems.
Access controls
SSO, role-based access, granular permissions, and full audit logs across the dashboard and API.
Compliant by independent audit, not by claim.
We invest in the certifications that matter to your security and procurement teams.
PCI DSS Level 1
Highest tier of card-data security, audited annually by a QSA.
ISO/IEC 27001
Information security management system, certified end-to-end.
SOC 2 Type II
Security, availability, and confidentiality controls audited continuously.
Local licensing
Authorised payment service provider in KE, UG, TZ, RW, and SO.
Your data, your customers' data — under your control.
ReliaPay is a data processor, not a data broker. We aligned our practices with Kenya's Data Protection Act, GDPR principles, and local regulator requirements across the region.
- Region-pinned data residency for KE, UG, TZ, RW, SO
- Customer data isolation per merchant account
- Configurable retention, deletion, and export
- Data Processing Agreement available on request
- Quarterly penetration tests by independent firms
- Dedicated security contact and PGP key
99.99% uptime SLA
Trailing 90 days
< 250ms p95
API latency
security@reliapay.africa
Vulnerability disclosure
Start accepting payments across East Africa today.
Activate your account in minutes. No setup fees, no monthly minimums. Sandbox access included.