
NatePay Compliance & Security Architecture

Our commitment to secure, compliant, and transparent payment processing for creator monetization.

Stripe Approved
PCI-DSS Compliant
AES-256 Encryption

1. Executive Summary

NatePay is a specialized monetization platform that enables creators and service providers to receive payments from their audience via subscriptions and one-off invoices. We act as a technical intermediary, facilitating secure transactions between supporters (subscribers) and creators.

We are a Stripe Approved Platform, utilizing Stripe Connect and Stripe's Transfer APIs to ensure transparent and timely settlements to our verified creators. We operate under a strict "Merchant of Record" model where we handle the compliance burden before settling funds.

Business Model: Subscription & Invoicing for Creators (Marketplace/Platform)

Payment Partners: Stripe (Active) • Paystack (Coming Soon for Local Nigerian Payments)

2. Funds Flow & Settlement Model

We operate a Direct Charge + Programmatic Transfer model to ensure platform integrity and fee management.

Step 1: Collection

  • Supporter pays via Stripe Checkout (Card, Apple Pay, Google Pay)
  • Funds settled directly into NatePay corporate Stripe Balance
  • KYC: Supporter's email and payment details collected via Stripe's secure checkout

Step 2: Allocation

  • System instantly records the transaction
  • Calculates creator's net earnings (Gross minus NatePay Platform Fee)
  • Creator's "Wallet Balance" on NatePay is updated virtually

Step 3: Payout (Settlement)

  • Stripe Connect API programmatically transfers net earnings
  • Funds sent from corporate balance to creator's verified bank account
  • Payouts processed automatically per Stripe Connect schedule

3. Anti-Money Laundering (AML) & Fraud Prevention

We enforce strict controls to prevent illicit use of our platform.

A. Creator Verification (KYC)

Before a creator can receive a single dollar, they must complete our onboarding process:

  • Stripe Connect Onboarding: Creators complete Stripe's comprehensive identity verification and bank account validation process.
  • Global Compliance: Stripe handles regional compliance requirements including identity verification across supported countries.
  • Duplicate Checks: Our system flags and blocks duplicate accounts across different user profiles to prevent "smurfing" (structuring).

B. Transaction Monitoring

  • Velocity Limits: We monitor for unusual spikes in transaction volume (e.g., a new creator suddenly receiving large amounts) and flag them for manual review.
  • Webhooks & Audit Trails: Every transaction is logged with a tamper-proof audit trail using Stripe Webhooks. We store the Stripe payment intent ID, IP address, and timestamp for every payment.

4. Technical Reliability (Reconciliation)

To ensure no funds are ever lost or unaccounted for, we have implemented a Triple-Layer Reconciliation System.

Real-Time Webhooks

We process payment_intent.succeeded events immediately using Stripe's cryptographic signature verification to confirm authenticity.

Distributed Locking

Our backend prevents double-crediting by using distributed locks on transaction processing.

Nightly Reconciliation

A scheduled automated system queries the Stripe API every night to fetch all successful transactions from the last 48 hours and compares them against our internal ledger. Any discrepancy triggers an immediate alert.
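
The three layers above, sketched as an added example (not NatePay's own code): it checks Stripe's `t=`/`v1=` signature header by hand with the standard library, credits each payment intent once, and diffs the ledger against the processor's records. `Ledger`, `reconcile`, the 300-second tolerance and all sample values are assumptions made for illustration; a production handler would normally call `stripe.Webhook.construct_event` and enforce uniqueness with a real lock or database constraint.

```python
import hashlib
import hmac
import json

TOLERANCE_SECONDS = 300  # replay window (assumed value)

def _mac(secret: str, timestamp: str, payload: bytes) -> str:
    # Stripe signs "<timestamp>.<raw body>" with HMAC-SHA256 under the endpoint secret.
    return hmac.new(secret.encode(), timestamp.encode() + b"." + payload, hashlib.sha256).hexdigest()

def sign(payload: bytes, secret: str, timestamp: int) -> str:
    """Build a Stripe-Signature header value; used only to construct sample input."""
    return f"t={timestamp},v1={_mac(secret, str(timestamp), payload)}"

def verify(payload: bytes, header: str, secret: str, now: int) -> bool:
    """Accept only a fresh timestamp with a matching v1 signature over the raw body."""
    parts = [p.strip().partition("=") for p in header.split(",")]
    timestamp = next((v for k, _, v in parts if k == "t"), "")
    candidates = [v for k, _, v in parts if k == "v1"]
    if not (timestamp.isascii() and timestamp.isdigit()):
        return False
    if abs(now - int(timestamp)) > TOLERANCE_SECONDS:
        return False  # stale or future-dated: treat as a replay
    expected = _mac(secret, timestamp, payload).encode()
    return any(hmac.compare_digest(expected, c.encode()) for c in candidates)

class Ledger:
    def __init__(self):
        # intent id -> amount; stands in for a distributed lock or unique DB key.
        self.credited = {}

    def handle_webhook(self, payload: bytes, header: str, secret: str, now: int) -> str:
        if not verify(payload, header, secret, now):
            return "rejected"
        event = json.loads(payload)
        if event.get("type") != "payment_intent.succeeded":
            return "ignored"
        intent = event["data"]["object"]
        if intent["id"] in self.credited:
            return "duplicate"  # redelivered event: do not credit twice
        self.credited[intent["id"]] = intent["amount"]
        return "credited"

def reconcile(ledger: Ledger, processor: dict) -> list:
    """Intent ids in the processor's {id: amount} that the ledger lacks or disagrees on."""
    return sorted(i for i, amt in processor.items() if ledger.credited.get(i) != amt)
```

The signature must be computed over the raw request bytes; re-serialising the parsed JSON before verifying changes the body and makes valid events fail.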

5. Refund & Dispute Management

Disputes

We have a dedicated admin dashboard to view and respond to Stripe Disputes. If a creator receives a chargeback, the funds are automatically deducted from their NatePay balance or future earnings.

Refunds

We maintain a reserve in our Stripe Balance to facilitate immediate refunds to supporters if a creator fails to deliver promised services.

6. Data Security

PII Encryption

Sensitive user data (like bank account numbers) is encrypted at rest in our database using industry-standard AES-256 encryption.

No Card Data Storage

We do not store or process credit card numbers. All card data is handled exclusively by Stripe's PCI-DSS Level 1 compliant elements and checkout.

Security & Compliance Certifications

Stripe Approved
PCI-DSS Level 1
AES-256 Encryption
24/7 Monitoring
SOC 2 Compliant
