Security Overview

Security is the foundation of Pybara. Here’s how we protect your payments.

Trustless Architecture

No Custody

Pybara never holds customer funds. Payments go directly from customer to merchant.

Blackhole Canister

The payment verification canister is a blackhole canister — immutable code that cannot be upgraded or modified.

Transparent & Auditable

The payment canister code is publicly verifiable on-chain. All payment transactions are recorded on the Internet Computer’s public ledgers and can be independently verified.

Internet Computer Security

Blockchain Verification

Every payment is verified on the Internet Computer blockchain. No centralized server can fake or modify transactions.

Subnet Consensus

Transactions require consensus from multiple nodes in the subnet. No single point of failure.

Certified Responses

All data served from IC canisters is cryptographically certified by the subnet.

Wallet Security

Internet Identity

Authentication uses Internet Identity — a decentralized, passwordless system using:

Biometric authentication (Face ID, Touch ID, Windows Hello)
Hardware security keys
No passwords to steal or leak

Non-Custodial

Wallets are non-custodial. Users control their own keys. Pybara cannot access user funds.

Smart Contract Security

Audited Code

All smart contracts are publicly auditable and follow IC best practices.

Immutable Logic

Payment verification logic is immutable (blackhole canister). No upgrades, no changes.

Access Controls

Proper access controls prevent unauthorized operations.

Responsible Disclosure

Found a security issue? Please report it responsibly:

Responsible Disclosure Policy
Email: security@pybara.com
Bug bounty program (coming soon)