01
Tenant isolation
Organization identity comes from the API-key context; caller-supplied organization IDs are claims that must match.
Compliance by construction
YembiPay combines scoped tenant authority, sanctions and AML evidence, bounded public verification, and an append-only audit trail without claiming that software replaces legal or regulatory judgment.
Control layers
Every control has an authority, a failure state, a traceable decision, and a testable boundary.
01
Organization identity comes from the API-key context; caller-supplied organization IDs are claims that must match.
02
Dataset generation, match evidence, policy version, and decision outcome bind to the screened subject.
03
Velocity, amount, corridor, and behavioral controls produce reviewable events without logging sensitive raw data.
04
Mutations and terminal outcomes preserve actor, object, request, timestamp, and integrity references.
Data discipline
Public verification returns minimum necessary facts. Webhook secrets appear once. Logs keep request and security decisions while excluding credentials and sensitive recipient data.
Compliance outcomes are evidence-backed product states, not blanket regulatory guarantees.
Scope statement
Assurance path
Architecture, code, migrations, CI, external tests, live-host verification, and contract audits each prove a different part of the control environment.
Scope, ownership, validation, and fail-closed configuration stop invalid work.
Structured, redacted security events and bounded health signals expose failures.
Durable cursors, idempotency, and reconciliation prevent blind replay.
Blocking tests and exported evidence make the posture reviewable.