Security

Platform security

Security is not a feature — it’s the foundation of KERI.AM’s architecture. Here is exactly how we protect your data and your money.


01 / INFRASTRUCTURE

Hardened infrastructure

All KERI.AM services run in isolated containers on a SOC 2 Type II certified cloud platform. The network perimeter is protected by a WAF and DDoS mitigation.

Encryption at rest: AES-256-GCM
Transport protocol: TLS 1.3
Cloud platform: EU Region, SOC 2
DDoS protection: Active

02 / PAYMENTS

Payment security

We do not store bank card data. All transactions are processed through a PCI DSS Level 1 certified payment gateway — the industry’s highest standard.

Standard: PCI DSS Level 1
Card storage: None
Tokenization: Vault Tokenization
3D Secure: v2.0 / required

03 / AUTHENTICATION

Identity and access

Telegram authorization uses cryptographically signed initData — we never ask for passwords. KERI.AM staff use hardware security keys.

User authentication: Telegram OAuth 2.0
Staff access: FIDO2 / Hardware Key
Least privilege: Zero Trust
Access logs: 365 days

04 / MONITORING

Continuous monitoring

The security stack runs 24/7. Automatic alerts fire on anomalous patterns, brute-force attempts, or unusual account activity.

Monitoring: 24 / 7 / 365
Incident response time: < 15 minutes
Anomaly and fraud: ML detection
Backups: Every 6 hours

LATEST AUDIT

Q1 2026

Independent security audit. No critical vulnerabilities identified.

VULNERABILITY DISCLOSURE

Bug Bounty

Report a vulnerability and get a reward. We value responsible disclosure.

COMPLIANCE

GDPR · PCI DSS

Compliance with European and Armenian data protection requirements.

Frequently asked questions

01

How do I report a vulnerability?

Email [email protected] with a description of the issue. We respond within 24 hours and thank you for the responsible disclosure.

02

What happens if there is a data breach?

We notify affected users within 72 hours, in line with GDPR and Armenian law. The incident is documented and investigated.

03

How is the Telegram bot conversation protected?

Telegram provides transport-layer encryption. We only store the order data we need and do not log the contents of conversations.

04

Do you run independent audits?

Yes. An annual security audit is conducted by an independent organization. The summary of results is published in this section.

05

Can I delete all my data?

Yes. Email [email protected] — we will delete all data within 30 days, except information we are legally required to keep (transaction data — 3 years).

Report a vulnerability

If you have found a potential vulnerability in the KERI.AM platform, please disclose it responsibly. We guarantee confidentiality and our gratitude.

[email protected]