Secure and Reliable Billing Software

A combination of enterprise-grade security to protect your customers and proven reliability to keep your recurring billing running smoothly.

About ChargeOver

ChargeOver offers subscription billing and recurring billing management solutions for businesses across many industries. ChargeOver takes data security very seriously. We understand that you're trusting us with your data, and we do everything possible to keep that data secure and continuously look for opportunities to make improvements. As an overview, we:

  • House all of our servers in secure, US-based data centers.
  • Filter all incoming and outgoing traffic through hardware firewalls.
  • Do not utilize wireless access at all within our network.
  • Store all possibly sensitive data encrypted on our servers.
  • Only allow incoming connections into our network via industry-standard SSL/HTTPS encrypted sessions.
  • Regularly run penetration-testing exercises and vulnerability-checks against our network.
  • Track and monitor incoming and outgoing connections extensively.
  • Utilize industry-standard 256-bit encryption for all SSL connections.
  • Perform weekly, ASV-certified security scans/audits, internal and external network scans, and other PCI compliance checks.

PCI Compliance - Level 1 Service Provider

ChargeOver is certified as a PCI-DSS compliant Level 1 Service Provider.

The Payment Card Industry Data Security Standard (PCI DSS) is a set of policies and procedures that have to be followed by the organizations that process, store or transmit card data. The PCI Security Standards Council is governed by the five major payment card brands - American Express, Discover Financial Services, JCB International, MasterCard, and Visa Inc.

Attestation of Compliance / Report on Compliance documents are available on request.

Monitoring

We utilize both internal and multiple external monitoring services to monitor ChargeOver. The monitoring systems alert both operations and security team members through SMS, pager, and phone call notifications if there are any errors or abnormalities in application state.

Disclosure

We’re continually working to make our system secure. If you find any security issues, please submit them to security@chargeover.com. Security is our highest priority. We will make sure the issue is fixed and updated as soon as possible.

PGP Key

By default, we provide a PGP key to encrypt sensitive communication that you send to us.


  • Key Id: 295BC5F1
  • Type: RSA
  • Key Size: 4096
  • User Id: security@chargeover.com
  • Fingerprint: A4D6 0DCC 6214 FF1C 5E43 DF8D 5209 F02F 295B C5F1
  • Expires: 2024-12-16

Vulnerability Scanning & Patching

Data Security

The following data is encrypted at rest within ChargeOver (there may be other data that's encrypted at rest as well, but at the very least this much is):

  • ACH bank account numbers, routing numbers, name on the bank account, bank account address information
  • Configuration data (e.g. how you have configured ChargeOver)
  • API and webhook credentials and settings (webhook URL, API public/private keys, etc.)
  • SMTP/SendGrid/Mandrill/Mailgun credentials
  • Credit card numbers, name on card, credit card address information, client-side encryption tokens, client-side encryption options
  • Payment gateway credentials and tokens
  • Integration credentials and configuration (includes any API keys, etc. entered for integrated applications)