Trust

What we can prove.

We publish only the controls and certifications we can evidence.

Payment data boundaries

Raw card data is handled by regulated, PCI-DSS Level 1 payment institutions and is not stored by ExosPay.

Encryption

Sensitive data is encrypted in transit and at rest using controls documented in our security program.

Business and sanctions screening

Every applicant is reviewed through business-verification, anti-money-laundering, and sanctions-screening controls before approval.

Audit trails and reconciliation

Transaction records support traceable audit trails, double-entry accounting, and reconciliation review.


Payments are plumbing

Card payments run on regulated, PCI-DSS Level 1 payment institutions. ExosPay is the merchant of record — not a payment processor — and never stores raw card data.


Evidence before badges

Certifications are published when complete.

Independent audits and certifications are published here as they are completed. We claim only what we can evidence.

Apply for review

Start with a reviewed relationship.

Approved sellers receive written scope, pricing, settlement, and control terms before activation.

Every application is reviewed