Security and privacy are not features — they are the foundation. Built PDPA-compliant from day one.
OneMember is designed to comply with Thailand's Personal Data Protection Act. Consent is captured at member enrolment. Members can request data access or deletion at any time.
All data is encrypted in transit (TLS 1.2+) and at rest. Passwords are hashed using bcrypt. No plain-text credentials are ever stored.
All merchant accounts require verified email addresses before access is granted. This prevents fraudulent account creation.
Every merchant's data is strictly isolated. Cross-merchant data leakage is not architecturally possible. All resource access is authorised at the query level.
Billing is handled by Stripe, a PCI-DSS Level 1 certified payment processor. OneMember never stores card numbers.
Debug tools and developer routes are completely disabled in production. Multiple gates prevent accidental exposure.
OneMember is built to comply with the PDPA (พระราชบัญญัติคุ้มครองข้อมูลส่วนบุคคล พ.ศ. 2562). Key protections:
PDPA compliant since launch
We take security vulnerabilities seriously. If you discover a security issue in OneMember, please report it responsibly.
Email us at security@onemember.co
We will acknowledge your report within 48 hours and aim to resolve critical issues within 7 days. We do not currently run a bug bounty programme, but we will publicly credit responsible disclosures if the reporter wishes.
Our team is happy to answer security questions or discuss data processing agreements for enterprise customers.