Trust Center

Quick Answer: ShegerPay is non-custodial payment verification infrastructure. We never hold customer funds — money settles directly between payer, merchant, and provider rail. Because we don't transmit money, merchants integrating ShegerPay do not need a payment-services license.

Our custody model

ShegerPay operates strictly as a verification layer sitting on top of regulated payment rails (CBE, Awash, Dashen, BOA, Telebirr, M-Pesa, PayPal, Wise, Payoneer, and supported blockchains). When a customer pays a merchant, the money moves directly between the customer's account at their bank or wallet provider and the merchant's account at their bank or wallet provider. ShegerPay is never in the path of funds.

What we do is confirm — programmatically and in under two seconds — that a specific transaction has actually happened on the underlying rail. We parse the FT number, the Telebirr reference, the BOA QR slip, the on-chain transaction hash, or the PayPal capture ID, and we tell the merchant: "Yes, this customer really paid you 1,250 ETB at 14:32:07 today."

This is the same architecture Plaid uses in the United States for bank verification, and the same architecture BVNK uses globally for stablecoin settlement. Plaid never holds dollars; BVNK never holds USDC; ShegerPay never holds birr. We are read-only infrastructure over regulated rails.

ShegerPay is a verification layer over regulated payment rails. We confirm transactions; we do not move money.

Why no merchant license is required

Under Ethiopian financial-services law — and under the equivalent regulatory frameworks in every jurisdiction that has examined this pattern — the entity that requires a payment-services or money-transmitter license is the entity that actually takes custody of customer funds. The regulated bank, mobile-money operator, or blockchain network handles every aspect of the actual money movement: KYC on the payer, AML monitoring, settlement, reversibility, and chargebacks. Those entities already hold the relevant licenses.

A merchant who installs the ShegerPay SDK on their checkout page is in exactly the same legal position as a merchant who manually checks their bank statement before shipping an order — they are simply confirming a payment that already settled on a licensed rail. ShegerPay automates that confirmation; it does not change the legal nature of the transaction.

This is identical to the legal reasoning that allows Plaid to operate without a money-transmitter license in 49 US states, and it is why every major bank-aggregation and verification API in Europe, Africa, and Asia uses the same non-custodial architecture.

Not legal advice. Merchants with unusual structures (escrow, marketplaces holding seller funds, multi-party splits) should consult Ethiopian counsel for their specific use case. ShegerPay's compliance team is happy to provide a written architecture summary for your lawyer at no cost — email [email protected].

Security architecture

  • HTTPS everywhere (TLS 1.3, HSTS preload)
  • API keys with role-based scope (sk_test_, sk_live_, scoped publishable keys)
  • 2FA + passkey support on the merchant dashboard
  • HMAC-SHA256 webhook signatures with 5-attempt exponential backoff and replay protection via timestamp window
  • Public audit logs for every verification (last 90 days, CSV export)
  • Rate limiting per endpoint and per API key
  • Database encryption at rest (AES-256) and in transit
  • Secret rotation with zero-downtime key rollover
  • Strict CSP headers on the dashboard
  • Argon2id for any user-derived secrets

Reliability commitments

Data handling

  • We store only transaction metadata: provider, transaction_id, amount, timestamp, merchant_id, status
  • We never store payment instruments, card numbers, or customer banking credentials
  • Data retention: 90 days for verification logs, 7 years for compliance records (per Ethiopian record-keeping requirements)
  • GDPR-style data export available on request via [email protected]
  • Right to deletion honored for any non-compliance-required data within 30 days
  • Hosted on tier-1 cloud (AWS / GCP) in the Africa region with multi-AZ failover

Security contact

For vulnerability disclosure: [email protected]

We respond within 24 hours and publish a public CVE for any confirmed high-severity issue. See our full responsible-disclosure policy at https://shegerpay.com/security.

Third-party trust signals

  • Public GitHub repositories at github.com/shegerpay
  • Public OpenAPI 3.1 specification at https://shegerpay.com/openapi.json
  • 12 official open-source SDKs (TypeScript, Python, PHP, Go, Ruby, Java, C#, Kotlin, Swift, Android, Dart, WordPress)
  • WooCommerce plugin in the WordPress directory
  • MCP server registered with the Model Context Protocol registry (modelcontextprotocol.io)
  • Indexed by Plaid-style API directories and AI-engine knowledge graphs

Verification logs are public to merchants

Every merchant can export their full transaction history as CSV at any time from the dashboard. We do not lock data into our platform. If you ever want to leave ShegerPay, you take 100% of your historical data with you in a portable, well-documented format.

Contact