Security

Protected by Aegis, in design, not just in name.

We built Aegis with the assumption that our servers will be probed, our dependencies compromised, and our employees phished. Every layer is built to survive that world.

Non-custodial payments

Aegis never handles funds. Your customer's card details are entered directly into the payment provider's hosted form. We receive only a tokenized confirmation, card brand, and last-4.

No PAN, CVV, or expiry. Ever.

A defense-in-depth PCI scrubber redacts full PAN-like strings and drops sensitive keys (cardNumber, cvv, expirationDate, ...) before any raw webhook payload is persisted.

AES-256-GCM at rest

Payment-provider API credentials (Authorize.Net login ID, transaction key) are encrypted with a server-side AES-256-GCM key before being written to MongoDB. Only the payment service can decrypt them.

Argon2id password hashing

Passwords are hashed with Argon2id at memory and time parameters tuned for server hardware. We lock accounts on brute-force attempts and force rotation on suspicious logins.

Single-session enforcement

Signing in on a new device revokes the previous session. The old tab bounces to /login with a visible reason ("signed in on another device"). No silent ghost sessions.

TLS 1.3 in transit

Every request between browser, Aegis API, and payment providers is TLS 1.3 with HSTS. No mixed content. No opt-out.

Role-based scoping

Admin > Manager > Team Lead > User. Users see only what they created. Teams are walled off from each other. Admins see everything in the organization, and nothing more.

Tamper-evident audit log

Every login, invoice create/send/pay/cancel, customer write, user role change, and config mutation is recorded with actor, IP, user agent, and UTC timestamp.

Idempotent webhook processing

Webhook events are deduplicated by provider event ID. Replayed or malformed events can't double-settle an invoice or forge a payment.
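The following is an added example (not Aegis's own code) of the idempotency rule described above: a handler that validates the event shape, deduplicates on the provider's event ID, and settles an invoice at most once. The event fields, the in-memory stores and the invoice record are constructed for the example; in production the processed-event set would be a uniquely indexed table updated in the same transaction as the invoice.

```javascript
// Added example: idempotent webhook processing keyed on provider event ID.

const processedEvents = new Set(); // stand-in for a uniquely indexed event table
const invoices = new Map();        // invoiceId -> invoice record

function createInvoice(id, amount) {
  const inv = { id, amount, status: 'open', paidAmount: 0, payments: [] };
  invoices.set(id, inv);
  return inv;
}

// Check the fields we rely on before touching any state. Returns a reason
// string for a malformed event, or null if it is well-formed.
function validateEvent(evt) {
  if (!evt || typeof evt !== 'object') return 'not an object';
  if (typeof evt.eventId !== 'string' || evt.eventId === '') return 'missing eventId';
  if (typeof evt.invoiceId !== 'string') return 'missing invoiceId';
  if (typeof evt.transactionId !== 'string') return 'missing transactionId';
  if (typeof evt.amount !== 'number' || !Number.isFinite(evt.amount) || evt.amount <= 0) {
    return 'bad amount';
  }
  return null;
}

// Apply a payment event exactly once. Replays of the same eventId are
// reported as duplicates and change nothing.
function handlePaymentEvent(evt) {
  const err = validateEvent(evt);
  if (err) return { outcome: 'rejected', reason: err };

  if (processedEvents.has(evt.eventId)) return { outcome: 'duplicate' };

  const inv = invoices.get(evt.invoiceId);
  if (!inv) return { outcome: 'rejected', reason: 'unknown invoice' };

  // Mark the event consumed and mutate the invoice together; in production
  // these two writes share one transaction so a crash cannot split them.
  processedEvents.add(evt.eventId);
  if (inv.status === 'paid') return { outcome: 'ignored', reason: 'already paid' };

  inv.paidAmount += evt.amount;
  inv.payments.push({ transactionId: evt.transactionId, amount: evt.amount });
  if (inv.paidAmount >= inv.amount) inv.status = 'paid';
  return { outcome: 'applied', status: inv.status };
}

// Usage with a constructed event, delivered twice:
const demo = createInvoice('INV-DEMO', 50);
const demoEvent = { eventId: 'evt-demo-1', invoiceId: 'INV-DEMO', transactionId: 'txn-demo-1', amount: 50 };
console.log(handlePaymentEvent(demoEvent)); // { outcome: 'applied', status: 'paid' }
console.log(handlePaymentEvent(demoEvent)); // { outcome: 'duplicate' }
console.log(demo.payments.length);          // 1
```

Deduplicating on the provider's event ID rather than on the transaction ID or amount is what makes a replayed delivery harmless: the same event arriving twice (a provider retry, or a captured request resent) produces one settlement, while a second genuine event for an already-paid invoice is recorded but does not change its state.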

What we do not store

The list of things Aegis never writes to disk.

We take the hardest path because it's also the safest: keep the regulated data outside our blast radius entirely.

  • Full card numbers (PAN)
  • Card verification codes (CVV / CVC)
  • Card expiration month / year
  • Magstripe / EMV / DUKPT data
  • Track 1 / Track 2 data
  • Unhashed passwords

The PCI scrubber runs three times: on raw webhook payloads before they are persisted, inside the payment-provider adapter, and again before we write Payment.rawResponse. Triple redundancy, on purpose.
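To make the scrubber described here and under "Non-custodial payments" concrete, the block below is an added example (not Aegis's own code) of a defense-in-depth scrubber: it drops keys with sensitive names and redacts PAN-like digit runs inside any string value, keeping only the last four digits. The key list, the Luhn filter used to limit false positives, and the sample webhook payload are all constructed for the example.

```javascript
// Added example: PCI scrubber for raw webhook payloads (constructed key list).

// Key names dropped outright, compared case-insensitively.
const SENSITIVE_KEYS = new Set([
  'cardnumber', 'cardcode', 'cvv', 'cvc', 'expirationdate', 'expdate',
  'track1', 'track2', 'magstripe',
]);

// Luhn check on a digit string. A 13-19 digit run that passes Luhn is
// treated as a PAN; runs that fail (order numbers, timestamps) are left alone.
function luhnValid(digits) {
  let sum = 0;
  let double = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (double) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
    double = !double;
  }
  return sum % 10 === 0;
}

// Redact PAN-like runs in free text, tolerating space or dash separators.
function redactPans(text) {
  return text.replace(/\b(?:\d[ -]?){12,18}\d\b/g, (match) => {
    const digits = match.replace(/[ -]/g, '');
    if (digits.length < 13 || digits.length > 19 || !luhnValid(digits)) return match;
    return '[PAN REDACTED ending ' + digits.slice(-4) + ']';
  });
}

// Recursively scrub a payload. Returns a new value; the input is not mutated.
function scrub(value) {
  if (Array.isArray(value)) return value.map(scrub);
  if (value && typeof value === 'object') {
    const out = {};
    for (const [k, v] of Object.entries(value)) {
      if (SENSITIVE_KEYS.has(k.toLowerCase())) continue; // drop the key entirely
      out[k] = scrub(v);
    }
    return out;
  }
  if (typeof value === 'string') return redactPans(value);
  return value;
}

// Constructed sample payload: a provider webhook that (wrongly) carries card data
// and a memo where someone pasted a card number into free text.
const SAMPLE_WEBHOOK = {
  eventType: 'payment.captured',
  payload: {
    id: '60123456789',
    cardNumber: '4111111111111111',
    cvv: '123',
    expirationDate: '2027-12',
    accountType: 'Visa',
    accountNumber: 'XXXX1111',
    memo: 'customer pasted card 4111 1111 1111 1111 in notes',
  },
};

// Usage:
console.log(JSON.stringify(scrub(SAMPLE_WEBHOOK), null, 2));
```

Two design points worth noting: the key filter and the text filter are independent layers, so a PAN that arrives under an unexpected key name (or inside a free-text field) is still caught by the Luhn-gated pattern; and the scrubber returns a fresh object rather than mutating the input, so whatever happens downstream, the original payload object is never accidentally persisted in scrubbed-looking form.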

Policies

Operational security.

Responsible disclosure

We welcome coordinated disclosure. Report suspected vulnerabilities to support@aegisinvoice.com with "SECURITY" in the subject line. We acknowledge within one business day and keep you updated through remediation.

Incident response

In the event of a confirmed security incident affecting customer data, we follow a documented incident-response playbook: contain, investigate, notify affected tenants, and publish a root-cause write-up.

Infrastructure

Aegis runs on hardened cloud infrastructure with network-level isolation between environments. Production databases are not reachable from developer laptops. Secrets are stored in a managed secrets vault.

Still have questions?

We're happy to walk your security team through our architecture and answer a vendor-assessment questionnaire.