Security at Chargeflow

When you first join Chargeflow, you put a lot of trust in our systems, and we take that very seriously. Our certifications and the standards we choose to meet are one way we demonstrate our commitment to maintaining your trust.
Here at Chargeflow, we understand that your payment processor is one of the most important and sensitive sources of data in your business. Chargeflow has been built from the ground up with security as a first principle. Connections to any of our approved integration partners (PayPal, Stripe, Shopify) use the official APIs (Application Programming Interfaces) provided by those platforms.

In order to submit disputes on your behalf, we may ask for limited read-write privileges. We will never create a charge or customer on your behalf. If you have any concerns about security, please feel free to get in touch directly at: hello@chargeflow.io

Chargeflow uses industry-standard technologies and services to secure your data from unauthorized access, disclosure, inappropriate use, and loss of access. We ensure that the security policies of all our subprocessors are documented and up to date with industry compliance standards where required (PCI, GDPR, etc.).
Multi-factor Authentication
MFA is a best practice that adds an extra layer of protection on top of our server's user name and password. With MFA enabled, when a user signs in to Chargeflow's Management Console, they will be prompted for their user name and password, as well as for an authentication code from their MFA device. Taken together, these multiple factors provide increased security for our system's settings and resources.
Credit Card Safety
When you register your credit card with Chargeflow, your credit card data is not transmitted through nor stored on our systems. Instead, we depend on Stripe. Stripe is certified to PCI Service Provider Level 1, the most stringent level of certification available. Stripe’s security information is available online.
OAuth 2.0
Our official integrations with Stripe, PayPal and Shopify are facilitated via their official OAuth applications: Stripe Connect, Login with PayPal and Login with Shopify. You can revoke Chargeflow's access at any time via your Stripe Dashboard, PayPal Dashboard, Shopify Dashboard or Chargeflow Dashboard.
Data Encryption
All data on Chargeflow servers is automatically encrypted at rest using AWS encryption and Chargeflow's proprietary encryption technology. All volumes are encrypted in AWS using the industry-standard AES-256 algorithm.

Servers

Chargeflow infrastructure is hosted on Amazon Web Services (AWS). The AWS data centers are equipped with multiple levels of physical access barriers, including alarms, outer perimeter fencing that is crash-rated for vehicles, electronic access cards, video surveillance and internal trip-lights.

For more information on AWS Security features, you can refer to this whitepaper. Chargeflow employees do not have physical access to AWS data centers, servers, network equipment, or storage.

The location of the AWS servers where we run our infrastructure depends on different factors. We are not able to provide the exact physical address of the data center, as Amazon has historically been quite reticent about publishing location information for its facilities for security reasons.

Disclosure Policy

In the event of a data breach, Chargeflow defers to GDPR regulations, which maintain that customers shall be notified within 72 hours of a data breach, where feasible. Chargeflow maintains a live report of operational uptime and issues on our status page. Anyone can subscribe to updates via email from the status page.

Reporting System Failures and Breaches

If at any time you become aware of a system failure or breach, please contact us immediately at: hello@chargeflow.io