Security at Chargeflow

We appreciate and take very seriously the trust you put in us when you join Chargeflow. We hold ourselves to the highest standards and are diligently striving towards obtaining SOC2 certification to demonstrate our commitment to maintaining your trust.
Here at Chargeflow, we understand that your payment processor is extremely important and sensitive for your business. Chargeflow has been built from the ground up as a ‘security first’ organization. Connections to any of our approved integration partners use the official APIs provided by our approved platforms (PayPal, Stripe, Shopify).

In order to submit disputes on your behalf we may ask for limited read-write privileges following the ‘least privilege’ principle. We will never create a charge or customer on your behalf. If you have any concerns about security, please feel free to get in touch directly at: hello@chargeflow.io

Chargeflow uses security industry best practices and cutting-edge, standard technologies and services to secure your data from unauthorized access, disclosure, inappropriate use, and loss of access. We ensure that our sub-processors adhere to appropriate security policies and standards and are up-to-date with industry compliance standards where required (PCI, GDPR, etc.).
Multi-factor Authentication
MFA is a best practice for ensuring the protection of your data from unwanted access. It is added as an extra layer of protection on top of our servers' user name and password authentication. MFA is enabled on each and every Chargeflow account that might have access to your data. These multiple factors provide increased security for our system's settings and resources.
Credit Card Safety
When you register your credit card with Chargeflow, your credit card data is never transmitted through nor stored on our systems. Instead, we rely on Stripe. Stripe is certified to PCI Service Provider Level 1, the most stringent level of certification available. Stripe’s security information is available online.
OAuth 2.0
OAuth 2.0 is the industry-standard protocol for authorization and is our standard for integrations. Integrations with Stripe, PayPal and Shopify are facilitated via their official OAuth applications: Stripe Connect, Login with PayPal and Login with Shopify. The fact that we are using OAuth 2.0 means you can revoke Chargeflow's access at any time via your Stripe Dashboard, PayPal Dashboard, Shopify Dashboard or Chargeflow Dashboard.
Data Encryption
All data in Chargeflow servers is automatically encrypted at rest using AWS Encryption & Chargeflow proprietary encryption technology. All volumes are encrypted in AWS using the industry-standard AES-256 algorithm. Our communication is always encrypted.

Infrastructure security

Chargeflow infrastructure is hosted on Amazon Web Services (AWS). The AWS data centers are equipped with multiple levels of physical access barriers that include alarms, outer perimeter fencing that is crash-rated for vehicles, electronic access cards, video surveillance and internal trip-lights.

For more information on AWS Security features, you can refer to this whitepaper. Chargeflow employees do not have physical access to AWS data centers, servers, network equipment, or storage.

The location of the AWS servers where we run our infrastructure depends on different factors. We are not able to provide the exact physical address of the data center as Amazon has historically been quite reticent in publishing location information of their facilities for security reasons. 

Disclosure Policy

In the event of a data breach, Chargeflow follows the GDPR regulations, which maintain that customers shall be notified within 72 hours of a data breach, where feasible. Chargeflow maintains a live report of operational uptime and issues on our status page. Anyone can subscribe to updates via email from the status page.

Subprocessors

Chargeflow uses the following subprocessors to assist Chargeflow in the provision of the Chargeflow product:

- AWS
- Google
- Atlas (MongoDB)
- SendGrid
- Slack
- Stripe
- Intercom

Reporting System Failures and Breaches

If at any time you become aware of a system failure or breach, please contact us immediately at: hello@chargeflow.io