How we protect you and your money

The plain-language version of how HayloFriend keeps your money, your data, and your account safe, and how we stay accountable for it. Deeper engineering evidence lives in internal docs; here we focus on what you deserve to understand.

Least privilege, on purpose

Sensitive decisions run on the server where we can enforce rules consistently.
Showing data and changing data are separated so the UI can’t accidentally claim authority it shouldn’t.
Extra verification shows up for higher-risk cash-out actions, not for everyday browsing.

Records you could explain to a friend

Release notes stay dated so you can see what changed and when, not a vague “we improved things.”
Money events stay tied to sources you could point to later if you needed to reconstruct what happened.
Health snapshots back our story without turning this Help Center into an engineering playbook.

Staying ready when something breaks

We invest in routing, auth, and ledger stability so surprise loops are rarer for real people.
Monitoring and runbooks help us notice and respond faster, before a small blur becomes a big story.
When we learn something, we say what we fixed and what we’re still watching.

When something does go wrong, we say so plainly. See Status & incidents for honest write-ups of what happened and how we fixed it, or status.haylofriend.com for live system health.

Common questions

Your money

Is my money safe on HayloFriend?

Yes. Stripe holds the funds and is the only thing that finalizes money. HayloFriend never holds your balance or moves money on its own, and our records only reflect what Stripe has confirmed. Every payment is processed exactly once, so a retry or a hiccup cannot double-charge or double-pay you.

How does my money actually move, from a supporter to my bank?

When someone supports you, their payment goes to Stripe, which collects and holds the money. Stripe confirms the payment to us, and only that confirmation adds a line to your ledger. You watch it land in Your impact, and it pays out to your bank on Friday. Nothing on the page can create or move money on its own. Stripe confirms it first, then we record it.

What lives in my ledger, and why can't the money side be changed?

Two things sit side by side. On one side are identity anchors, the record of who each gratitude belongs to, which we hold and honor carefully. On the other side is the money truth, a mirror of what Stripe confirmed. The money side is append-only: lines can be added but never edited, deleted, or manipulated, not by you and not by us. If something ever needs correcting, we add a new balancing line, so the real history always stays intact.

Where does the balance I see come from?

Your available balance is mirrored from Stripe, the source of truth for your funds. HayloFriend reflects what Stripe shows instead of inventing its own number, and every payment is checked against its intended recipient before it is ever recorded. We verify first, then reflect.

Could a tip go to the wrong person, or my history be changed by mistake?

No. Each payment is stamped with its intended recipient and verified before it is recorded, and the record is append-only, so past money events cannot be quietly edited, even by us. Any correction is added as a new entry, never by rewriting what happened.

Security & privacy

What stops someone from gaming a payout or cashing out money that isn't theirs?

Cashing out is one of the most protected actions on HayloFriend. Before any money leaves, you clear a Cloudflare CAPTCHA that proves a real person is asking, not a bot or a script. We also limit how often a cash-out can be attempted, and each request carries a one-time key, so the same withdrawal can never run twice. You can only ever move your own confirmed balance, and only to your own connected Stripe account.

Does HayloFriend ever see my card or bank details?

No. Payments and payouts run entirely through Stripe. Your card numbers and bank details never touch HayloFriend.

Who can see my activity and personal information?

Only you. Our database enforces rules so people see only their own data, and sensitive decisions run on our servers, not in your browser. If a supporter chooses to stay anonymous, that choice cannot be undone and their name is never stored with the money.

How is my account protected?

You sign in with Google, so there is no HayloFriend password for anyone to steal. Sessions use secure, browser-protected cookies, we never put secrets in the browser, and higher-risk actions like cashing out ask for an extra verification step.

Accountability

If something ever looked wrong, could you prove what really happened?

Yes. Every money moment leaves a dated record, and because that record can only be added to, never edited or erased, there is always a receipt of what happened and when. If you, a partner, or an auditor ever needed to retrace a payment, the trail is right there to follow.

Do you actually keep checking this, or is it written down once and forgotten?

We keep checking on a schedule, not from memory. Every two weeks we run checks that confirm our records and safety controls are still current, and we do deeper reviews each month and each quarter. We want our trust to be boring: regular reviews, dated proof, and no surprises.

Could an outside auditor actually verify all of this?

Yes. We write our controls down and keep the dated evidence that backs each one, so a reviewer can check our work instead of taking our word for it. We are not claiming a finished SOC 2 examination, but we run the program that keeps us ready for one, and a real person, not a script, signs off on the parts that matter most.

Is HayloFriend SOC 2 certified?

We do not claim a completed SOC 2 examination. We design and enforce our controls against the SOC 2 trust criteria for access, change management, and processing integrity, with the evidence traceable in our own code, and we keep an ongoing internal readiness and evidence program.