Control works by communicating with your payment platform through OAuth Connect.
This means that the Control app never sees the login credentials you input on the login screen. After you authorize the Control app, your payment platform’s server provides the Control app with an access token to communicate between the payment platform API, Control, and Control Push.
All communication between Control, the payment platform API, and Webhooks is done over SSL.
You can revoke access to the Control app through your payment platform’s user settings at any time.
See here for more information on Connecting your Payment Platform.