Enterprise-grade security for every merchant
Your store data, customer records, and payment flows are protected with encryption, access controls, and audited infrastructure — without an enterprise contract.
Encryption in transit
Data at rest
Role-based admin access
Infrastructure monitoring
Security built into the platform
Not bolted on — security is part of how Mrfqy hosts, processes, and delivers commerce.
Payment data never touches your server
Card and wallet payments are handled by certified gateways. Mrfqy never stores full card numbers or CVV data.
Isolated tenant architecture
Each merchant store runs in a logically isolated environment. Cross-store data access is blocked at the API layer.
Secure customer authentication
Customer accounts use hashed passwords, rate-limited login, and optional email verification for password recovery.
Signed digital delivery
Download links for digital products are time-limited, download-capped tokens — master files are never exposed.
Operational security practices
What our team does behind the scenes to keep your business safe.
- Regular dependency and vulnerability patching across all services
- Encrypted backups with point-in-time recovery
- Webhook signature verification for payment and shipping events
- Audit logs for admin actions, order changes, and inventory adjustments
- DDoS protection and rate limiting on public storefront endpoints
- Secrets rotation for API keys and integration credentials
Security FAQ
Common questions from merchants evaluating platform security.
Explore the platform
Deep dives into the capabilities that help Arab merchants launch, sell, and grow.
