FeaturesHow it worksDevelopersUse casesPricingBlog
Request early access
Security

Built for trust.

Plirin is a non-custodial payment platform. Your funds never touch our servers. Every layer — identity, transactions, infrastructure — is designed with security as the default, not an add-on.

Non-custodial·KYB verified·Sanctions screened·Encrypted

Non-custodial architecture

Unlike traditional payment processors, Plirin never holds your money. Stablecoin payments settle directly from your customer's wallet to yours on-chain. There is no Plirin balance, no withdrawal process, no counterparty risk. Your keys, your funds.

How we protect you

Six pillars that underpin every layer of the Plirin platform.

Non-Custodial by Design

Plirin never holds, controls, or has access to your funds. Payments settle directly from your customer's wallet to yours — no intermediary, no escrow, no counterparty risk.

  • Direct wallet-to-wallet settlement
  • No private key access
  • No pooled funds or omnibus wallets
  • You control your own keys

KYB & Identity Verification

Every merchant completes Know Your Business verification before processing payments. We use Shufti Pro for identity verification with document checks, liveness detection, and sanctions screening.

  • Government ID + liveness check
  • Business document verification
  • UBO (beneficial owner) verification
  • Tiered limits based on verification level

Transaction Screening

Every transaction is screened in real time against OFAC, EU, and UN sanctions lists. Wallet addresses are checked against known threat databases before funds move.

  • Real-time wallet sanctions screening
  • OFAC, EU & UN sanctions lists
  • Ongoing monitoring
  • Automated risk scoring

Infrastructure Security

Our backend runs on isolated infrastructure with encrypted storage, TLS everywhere, and strict access controls. Data at rest is encrypted with AES-256, and all API traffic is encrypted in transit.

  • AES-256 encryption at rest
  • TLS 1.3 for all connections
  • Isolated compute with no shared tenancy
  • Automated security patching

API Security

Our REST and GraphQL APIs use JWT authentication with short-lived tokens, HMAC-signed webhooks for event verification, and idempotency keys to prevent duplicate operations.

  • JWT authentication
  • HMAC-SHA256 webhook signatures
  • Idempotency keys on all mutations
  • Rate limiting & abuse prevention

Compliance Architecture

Plirin is built for regulatory compliance from day one. Our architecture separates concerns cleanly — identity, payments, and data all have independent compliance boundaries.

  • Data residency controls
  • Audit trail on every action
  • Role-based access control
  • Data sharing & sub-processor transparency

Our commitments

Transparency

We publish our sub-processor list and data sharing policies. You know exactly who handles what.

Audit Trail

Every merchant action — login, payment, refund, config change — is logged with actor, timestamp, and context.

Minimal Data

We collect only what's required to operate the platform. No tracking pixels, no behavioral analytics, no data sales.

Incident Response

Security is our highest priority. Events are triaged immediately, and affected merchants are notified promptly.

Responsible disclosure

Found a vulnerability? We appreciate responsible disclosure. Please email security@plirin.com with details and we'll respond within 48 hours.

Ready to get started?

Join the waitlist and be among the first to accept stablecoin payments with Plirin.

Request early access
Privacy Policy|Terms of Service|Data Sharing Policy|Sub-processors