Trust
We can't lose what we don't hold
Ocuula is non-custodial by design. Funds never enter our infrastructure. We calculate split instructions and pass them to Moolre. Your money stays in your Moolre wallet — we don't have a bank account, a wallet, or any mechanism to hold funds.
Non-Custodial Architecture
Our platform never holds, stores, or transmits payment instrument credentials. We operate as a middleware layer that sits between your application and your payment processor.
When you configure a split rule, our system calculates the distribution and sends disbursement instructions to your connected processor. The processor executes the actual fund movements. We never have access to funds in transit.
This architecture removes the need for PCI DSS compliance on our side and reduces your exposure in the event of a security incident.
Data Protection
Encryption at rest. All data stored in our database is encrypted using AES-256. API keys for payment processors are encrypted with a separate key management system before storage.
Encryption in transit. All API traffic is served exclusively over TLS 1.3. We maintain an A+ TLS rating and enforce HTTP Strict Transport Security (HSTS).
Key management. Payment processor credentials are encrypted at the application layer before being written to the database. Decryption keys are stored separately and never logged.
Backups. Data is backed up continuously with point-in-time recovery. Backups are encrypted and stored in a separate geographic region from primary data.
Access Controls
API authentication. All API requests must include a valid API key in the request header. API keys are assigned specific permissions and can be revoked independently.
Multi-sig approvals. High-value or sensitive split configurations can require multiple team members to approve before taking effect. Approval requirements are configurable per rule.
Team-based access. Organization owners control who can view, create, approve, or modify routing rules. Role-based access is enforced at the database query level.
Session management. Dashboard sessions use short-lived tokens with automatic refresh. Sessions are invalidated on password change or explicit logout.
Compliance
Audit log. Every API call and configuration change is recorded in an immutable audit log with timestamps, actor identity, and before/after state. Logs are retained for 7 years.
Transaction integrity. Split calculations use integer arithmetic (smallest currency unit) to prevent floating-point rounding errors. Each transaction is logged atomically with its disbursement instructions.
Data residency. Primary data is stored in West Africa (Ghana) with cross-region backups. Enterprise customers can request specific data residency arrangements.
What if Ocuula goes down?
Because Ocuula is non-custodial middleware, not a payment gateway, the worst case is not "we lost your money." The worst case is "splits don't process until Ocuula is back."
- Your funds stay in your Moolre wallet. We don't hold, transmit, or custody money. An Ocuula outage has no impact on your Moolre balance.
- Existing routing rules are cached. Your last known split configurations continue to operate. New splits queue and replay when service resumes.
- Your direct Moolre integration is unaffected. Ocuula sits beside your payment processor, not between you and it. You can always make direct transfers through Moolre.
- Queued splits resume automatically. Our durable execution model ensures pending disbursements complete once the service is reachable.
Vulnerability Disclosure
If you discover a security vulnerability in our platform, please report it responsibly. We operate a coordinated disclosure policy:
- Email details to security@ocuula.com
- Allow reasonable time for assessment and remediation
- Do not publicly disclose the issue before we address it
- Do not access or modify data that does not belong to you
We commit to acknowledging receipt within 48 hours and providing status updates throughout the remediation process. We do not offer bounties at this time but will credit researchers who report valid issues.

