Calm, serious infrastructure you can trust
Enterprise-grade security posture with cloud-native deployment, isolated environments, comprehensive audit logging and operational resilience foundations.
Cloud-Native Deployment
Google Cloud Platform with managed services — Cloud Run for compute, Cloud SQL for data, Secret Manager for credentials.
Environment Isolation
Separate infrastructure for development, staging and production with distinct credentials, networks and access controls.
Comprehensive Audit Logging
Immutable JSONB audit events with correlation IDs, timestamps, actor identification and full operation context.
Observability Stack
Micrometer metrics exposed via Prometheus, structured JSON logging, health endpoints and alerting foundations.
Authentication & Authorisation
JWT-based authentication with role-aware patterns, session management and separate admin/customer access paths.
Data Protection
PostgreSQL with encryption at rest (Cloud SQL), TLS in transit, structured data retention and backup automation.
Secret Management
GCP Secret Manager for all sensitive configuration — database credentials, API keys, JWT secrets and integration tokens.
Admin Access Controls
Separate admin authentication with operational audit trails, action logging and controlled access to sensitive operations.
Error Handling & Isolation
Anti-corruption layer prevents external system errors from leaking. Structured error responses, retry strategies and circuit breaker patterns.
Operational Resilience
Architecture designed with graceful degradation, health monitoring, automated recovery and incident investigation support.
Security as an architectural concern
Security in dolfin pay is not a feature — it's an architectural concern that influences every design decision. From how we handle authentication and authorisation to how we structure audit events and manage deployment environments, security awareness is embedded in the development process.
The platform is designed to support teams operating in regulated environments where data protection, operational controls and audit traceability are non-negotiable requirements.
Questions about our security posture?
We're happy to discuss our architecture, deployment model and security practices.