About ChargeOver

ChargeOver offers subscription billing and recurring billing management solutions for businesses across many industries.

ChargeOver takes data security very seriously. We understand that you're trusting us with your data, and we do everything possible to keep that data secure and continuously look for opportunities to make improvements. As an overview:

  • House all of our servers in secure, US-based data centers.
  • Filter all incoming and outgoing traffic through hardware firewalls.
  • Do not utilize wireless access at all within our network.
  • Store all possibly sensitive data encrypted on our servers.
  • Only allow incoming connections into our network via industry-standard SSL/HTTPS encrypted sessions.
  • Regularly run penetration-testing exercises and vulnerability-checks against our network.
  • Track and monitor incoming and outgoing connections extensively.
  • Utilize industry-standard 256-bit encryption for all SSL connections.
  • Perform weekly, ASV-certified security scans/audits, internal and external network scans, and other PCI compliance checks.

PCI Compliance

ChargeOver is PCI-DSS compliant

The Payment Card Industry Data Security Standard (PCI DSS) is a set of policies and procedures that have to be followed by the organizations that process, store or transmit card data. The PCI Security Standards Council is governed by the five major payment card brands - American Express, Discover Financial Services, JCB International, MasterCard, and Visa Inc.

Monitoring

We utilize both internal and multiple external monitoring services to monitor ChargeOver. The monitoring systems will alert both operations and security team members through sms, pager and phone call notifications if there are any errors or abnormalities in application state.

Disclosure

We’re continually working to make our system secure. If you find any security issues, please submit it to security@chargeover.com. Security is our highest priority. We will make sure the issue is fixed and updated as soon as possible.

PGP Key

By default, we provide a PGP key to encrypt sensitive communication that you send to us.

                            
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFuZWdABEAC6OYXfPkTKYp0ud9ZcJabvZSo2jK5bH6RcYy/F4MVcnZf8c277
hDHxclPPQ3Agc51+iT/IdvjII4bYtZRyU/BcG+q3lmzA3FZAcS6JA/rK48essRhQ
m0fT0KQunYAgPWqNWlvMJhd2GNQg12z5g7Vv0817JixVS/kSNRZC+1+DERJUuruK
dRrGBEuaqNORxXKYs357ejWZk6eQdlP5Lo+Ci7CC+gIuYgBlZk6y/2WaFAhQZTUK
nKI2zTJ5zVRpFj0CDFbM1mkuTdIXw0/vTqadI4GoMYQagM1HPQ6yowao375tEv7V
8OVuUweBRPyMFrVN+rN3Vqw30dGFRw1VYMiNDIaLDnckrbu5zBTl3aNH9rn4c1Mg
RV3ZAr7Aaho3sOpr3Echm9gizg+xNA+RerI88DUQmmxLTqLLkFFmumox4ZY6SK10
rU4svg35iWXZtA8r5aAfthdm0jhOXYawe8TtBddyEpNPQbvKM2+73OExvpBmdjfF
hGDHdrBikFTx6tGzBJZ779s6ZISPiCKDVpTVjiguM74qN/fzNID1Cv80vFjYkEBv
AoZcAY5h61eFcBv0tLvf8+58r4nh80fuj/mxllO2htrHz5p1hlQOEscNLOSp3s5s
W57rCnYuO9Gg+GrV9jRDmKC+7csvcKtOMHdxW3czRuttspyPo1pxngLF7QARAQAB
tC1DaGFyZ2VPdmVyIFNlY3VyaXR5IDxzZWN1cml0eUBjaGFyZ2VvdmVyLmNvbT6J
Aj0EEwEKACcCGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AFAluZWlQFCQHhNAQA
CgkQSjF4z4VYg0MnuA/+LjgXIB42hSDuhkzmZmK+UGMOcOVs1bOxt9hzKQ0+5PPm
N3Dz8vO72NqhrKMLg8qtfPntZgUjQQKLhF3GHDn6I0Gq2bBGgRb+nuvx5gru8v1J
G2MfziVqx7mJzJewkVELhAcpu4rOKNJlchsac7k9RMpsLjPTz4NIg1RIrXAUf6S8
8AZA8X/3EyOJ0qlnkMrWza0mBttR7QEAWIwp5Ja/QL3DigOdPy0j30BsP40wDh3S
CZFsn9n6EvVFsOxaRqH6ItEKirNbiMxoXfQgY+nu0oJ1pqSZfAzkYSFiebRdCtdE
+zhIgUTgb1xNMGItb3cEqjzImf9xEDf20TzSzRIBNAlqtcHH0JAo0jEqYQoSnqm8
KTxH3OGp73E1QlYg1hEbkpBKJiuC3jTRhGHTAmBW9AZ5PqmjOsPU+q5a3o0AxMeC
dGgzisvyATg6/ewKSs52qYOHnBHB026RVX0CH5DMTQliCaouBxrhWb/pmgzkso1P
wWftnHX96lLnQMmD7inWSSwoomai7KfHLSp2xjjc6YVRNaB5unKTtLNBV0mFy1wi
4WHNr8VQYW/ERJ+WfiYdrUOgiZSQKEaET8GkyAFFrHI0qtH+3sCfHKdT76g536fv
Teck41aRFFUVoHZheuRDbj8I7S8ZkT/abNV5sZLzx92Iazx2QTZGF4Np86wGEA+5
Ag0EW5lZ0AEQAProEO11dW5LggOpikdRapspAJGfjNNWSubJ7RHSrvJEq/f56JkV
6uMXoF+nfVnbbbnc7IPXh3m7YZr0M7NaDCT0MKyA4nh4VbP+LUCjQpYE1f3Mc7Nq
HXCWg0YZNNtu7Qu6mLv+pb/4xx+1P1j08O92+BmukNQvN+sZS3CXEFK8B1Iw0lWH
5MtT/bkyzsJBvpzqj2DRFSQ3LQJjXkFoKT0RDiJg7k5oxrmAn9m9ktjr9NGL+m1m
I0XDEAzubek/qmuXtFHzPWjoHs465bTTc/ZnfktPsu7yFAhnT8dgZo1DpTMjH2En
HHGOKDPJF55aI3l2QmGz8ZmEw+eOhBu98aSknxI2B6UB3zgRqCSCUOWBlgcK4J9y
wxHqIm+4JAXhYvottIfoD9fx1pIoujGFGFgprtvrvAJWzYd2CLDiW/4O1Pd6ibpk
OPl7WEysgVmxbHakxZ5/w7lu5ovoZqag30pxeU8218gYNrE8nUJsDGGRaCUa83bH
YmDvTfZYRtT5A53OFvdoXsqvN5MdBz2yRoYMHrsNO8S4mOmSzsOPKUKueSMmz+g1
oUQgM0CHM4xQYrXweRZMvOquc5wHqWyORouqDXL5qArMi9Ai5sieoFlFQMGk+aeh
xNYZIsocYNDHppdptbt13qf+RW20YyVT9Tq56+IsijL/OKDTAQ/Wr7GvABEBAAGJ
AiUEGAEKAA8FAluZWdACGwwFCQeGH4AACgkQSjF4z4VYg0N33Q/+NLzxaDuHU/3U
ciPXYC2aCSUJLyi+1HnT42YqaPw+MQ2//VAB6ykhzBzlDYWmWXjuwM/oA+LbtGGM
+ZZoTPQRHttUT02FhUAfAcPioE9m2r332y7PXN01RSQZuhG3t++TmRtT7qQmf8xg
4yCIUn3UEC4GMoiebpNX68NaN9aho62N6K+/iy1bI52GLXBEM67mdEHM9Vb0/0lj
lKmlaojFr99DOwJo6NdT8kXPrQIxUGmedFg7lS2kA3yCz7M1PO4rm8wZdSIoReKB
IDtFTKZ1ncAbc0iDgZvSrUUqlzMHyH6w+I+DYaHOGAHQUfpj8LN5AUMS6RKDMm/m
2GyK9kXFySxbM7CC73SYtHc3uade52DvO3l5rfY/d5B0XpS4H5paoLWt036UMdK8
cF8KgS2SmWCFQtAwED54lc+tI3ohOqTnLix1hlGC20p7h6KsjH00k6WVUF1jrOcZ
HkDohHAmxglw6JRQ/WrWbSPlmw6uVHKS2xy1bSsHAGiZhZzSAm/z6PFE7BD/FKim
bLLkKE4RgpxfgQHvCAwYOZs83yruNQaVbNaU8GF8DefqL7Oj8r5+lx6utQBpR4yZ
Dwoxv3FH0H5T3bduHlQlcC1VZ0sl1fsirzOtOOkFpFccv1Ie3ogfHzuikfHcd5ct
7MPZKeNLjp6MqA7DVAKgKCUSOkcmamc=
=eVeQ
-----END PGP PUBLIC KEY BLOCK-----
                            
                        
Key Id:
85588343
Type:
RSA
Key Size:
4096
User Id:
security@chargeover.com
Fingerprint:
1D1D 7287 E895 225F B03A 9D8D 4A31 78CF 8558 8343
Expires:
2019-09-12

Vulnerability Scanning & Patching

Data Security

The following data is encrypted at rest within ChargeOver (there may be other data that's encrypted at rest as well, but at the very least this much is):

  • ACH bank account numbers, routing numbers, name on the bank account, bank account address information
  • Configuration data (e.g. how you have configured ChargeOver)
  • API and webhook credentials and settings (webhook URL, API public/private keys, etc.)
  • SMTP/Sendgrid/Mandrill/Mailgun credentials
  • Credit card numbers, name on card, credit card address information, client-side encryption tokens, client-side encryption options,
  • Payment gateway credentials and tokens
  • Integration credentials and configuration (includes any API keys, etc. entered for integrated applications)

Comes with all the features you need for recurring billing.

Try it Free Request a Demo