About ChargeOver

ChargeOver offers subscription billing and recurring billing management solutions for businesses across many industries.

ChargeOver takes data security very seriously. We understand that you're trusting us with your data, and we do everything possible to keep that data secure and continuously look for opportunities to make improvements. As an overview, we:

  • House all of our servers in secure, US-based data centers.
  • Filter all incoming and outgoing traffic through hardware firewalls.
  • Do not utilize wireless access at all within our network.
  • Store all possibly sensitive data encrypted on our servers.
  • Only allow incoming connections into our network via industry-standard SSL/HTTPS encrypted sessions.
  • Regularly run penetration-testing exercises and vulnerability checks against our network.
  • Track and monitor incoming and outgoing connections extensively.
  • Utilize industry-standard 256-bit encryption for all SSL connections.
  • Perform weekly, ASV-certified security scans/audits, internal and external network scans, and other PCI compliance checks.

PCI Compliance

ChargeOver is PCI-DSS compliant

The Payment Card Industry Data Security Standard (PCI DSS) is a set of policies and procedures that have to be followed by the organizations that process, store or transmit card data. The PCI Security Standards Council is governed by the five major payment card brands - American Express, Discover Financial Services, JCB International, MasterCard, and Visa Inc.

Monitoring

We utilize both internal and multiple external monitoring services to monitor ChargeOver. The monitoring systems will alert both operations and security team members through SMS, pager and phone call notifications if there are any errors or abnormalities in application state.

Disclosure

We’re continually working to make our system secure. If you find any security issues, please submit them to security@chargeover.com. Security is our highest priority. We will make sure the issue is fixed and updated as soon as possible.

PGP Key

By default, we provide a PGP key to encrypt sensitive communication that you send to us.

                            
                            
                        
  • Key Id: 2DDE2861
  • Type: RSA
  • Key Size: 4096
  • User Id: security@chargeover.com
  • Fingerprint: 4F7E E145 2594 5309 D405 DA39 DC88 6A89 2DDE 2861
  • Expires: 2017-03-20

Vulnerability Scanning & Patching

Data Security

The following data is encrypted at rest within ChargeOver (there may be other data that's encrypted at rest as well, but at the very least this much is):

  • ACH bank account numbers, routing numbers, name on the bank account, bank account address information
  • Configuration data (e.g. how you have configured ChargeOver)
  • API and webhook credentials and settings (webhook URL, API public/private keys, etc.)
  • SMTP/Sendgrid/Mandrill/Mailgun credentials
  • Credit card numbers, name on card, credit card address information, client-side encryption tokens, client-side encryption options
  • Payment gateway credentials and tokens
  • Integration credentials and configuration (includes any API keys, etc. entered for integrated applications)
