Aftoria employs enterprise-grade security practices to ensure data confidentiality, integrity, and availability.
All traffic between users, merchants, and Aftoria servers is protected through HTTPS with TLS 1.2+ encryption.
The system architecture is hosted on AWS using Virtual Private Cloud (VPC) isolation, encrypted storage (AES-256), and multi-factor authentication for administrative access.
Aftoria follows the PCI DSS Self-Assessment Questionnaire A (SAQ-A) model, as the platform never stores or processes cardholder data directly — payments are routed exclusively through the hosted pages of licensed PSPs such as Paystack, Flutterwave, and Stripe.
Aftoria complies with the General Data Protection Regulation (GDPR) and the Nigerian Data Protection Act (NDPA).
For security concerns, contact support@aftoria.io.