About ChargeOver

ChargeOver offers subscription billing and recurring billing management solutions for businesses across many industries.

ChargeOver takes data security very seriously. We understand that you're trusting us with your data, and we do everything possible to keep that data secure and continuously look for opportunities to make improvements. As an overview, we:

  • House all of our servers in secure, US-based data centers.
  • Filter all incoming and outgoing traffic through hardware firewalls.
  • Do not utilize wireless access at all within our network.
  • Store all possibly sensitive data encrypted on our servers.
  • Only allow incoming connections into our network via industry-standard SSL/HTTPS encrypted sessions.
  • Regularly run penetration-testing exercises and vulnerability checks against our network.
  • Track and monitor incoming and outgoing connections extensively.
  • Utilize industry-standard 256-bit encryption for all SSL connections.
  • Perform weekly, ASV-certified security scans/audits, internal and external network scans, and other PCI compliance checks.

PCI Compliance

ChargeOver is PCI-DSS compliant

The Payment Card Industry Data Security Standard (PCI DSS) is a set of policies and procedures that have to be followed by the organizations that process, store or transmit card data. The PCI Security Standards Council is governed by the five major payment card brands - American Express, Discover Financial Services, JCB International, MasterCard, and Visa Inc.

Monitoring

We utilize both internal and multiple external monitoring services to monitor ChargeOver. The monitoring systems will alert both operations and security team members through SMS, pager and phone call notifications if there are any errors or abnormalities in application state.

Disclosure

We’re continually working to make our system secure. If you find any security issues, please submit them to security@chargeover.com. Security is our highest priority. We will make sure the issue is fixed and updated as soon as possible.

PGP Key

By default, we provide a PGP key to encrypt sensitive communication that you send to us.

                            
  • Key Id: D90DA1BF
  • Type: RSA
  • Key Size: 4096
  • User Id: security@chargeover.com
  • Fingerprint: 644D 5E46 AAEF 8C58 29F7 D186 B862 D209 D90D A1BF
  • Expires: 2019-05-01

Vulnerability Scanning & Patching

Data Security

The following data is encrypted at rest within ChargeOver (there may be other data that's encrypted at rest as well, but at the very least this much is):

  • ACH bank account numbers, routing numbers, name on the bank account, bank account address information
  • Configuration data (e.g. how you have configured ChargeOver)
  • API and webhook credentials and settings (webhook URL, API public/private keys, etc.)
  • SMTP/Sendgrid/Mandrill/Mailgun credentials
  • Credit card numbers, name on card, credit card address information, client-side encryption tokens, client-side encryption options
  • Payment gateway credentials and tokens
  • Integration credentials and configuration (includes any API keys, etc. entered for integrated applications)
