Is PayWhirl Secure?

How do you protect customer data? Are payment forms & widgets secure & PCI compliant? Do I need an SSL certificate? Do you have SOC Reports?

Written by Ryan P.
Updated over 2 weeks ago

At PayWhirl, security is at the heart of everything we do. Our entire platform—from our website and embedded customer portals to our widgets and API—is designed with robust security measures to protect your data.

Secure Connections & Data Encryption

  • HTTPS & TLS Encryption: All communications with PayWhirl are secured via HTTPS. Our website, portals, widgets, and API are served over SSL using TLS 1.2 encryption (and continually updated to meet evolving standards). Our SSL certificates are provided by Let's Encrypt—a trusted authority backed by major funders and sponsors, including AWS, IBM, Cisco, Shopify, Chrome, Mozilla, and others.

  • Custom Subdomains: Even your custom subdomain (for example, company-name.paywhirl.com), which powers your customer portal and other tools, is served over SSL to ensure that every interaction is encrypted.

Tokenization & PCI Compliance

  • Data Tokenization: All credit card and bank-related information is tokenized on the client side using secure libraries before it ever reaches our servers. This means that sensitive data is never stored or processed on our backend.

  • Direct Gateway Storage: We use PCI-compliant methods to handle customer card data. Instead of storing payment details on our servers, your information is securely transmitted to and vaulted by your chosen payment gateway—such as Stripe, Braintree, Spreedly, and others—each of which has been validated as a PCI DSS Level 1 service provider.

Industry-Leading Security Standards

  • PCI DSS v4.0 Compliance: We are proud to announce that PayWhirl now meets the latest PCI DSS v4.0 requirements—the current gold standard in payment security—and our compliance is valid until February 7, 2026. We conduct regular security reviews and are happy to provide the relevant documentation upon request.

  • AWS Infrastructure & SOC Reports: Our platform is hosted on Amazon Web Services (AWS), known for its high security standards. AWS undergoes regular SOC 1, SOC 2, and SOC 3 audits, and these reports are available to you upon request.

  • Trusted Payment Gateways: In addition to our secure AWS infrastructure, many of the payment gateways we use—such as Stripe, Braintree, Spreedly, and others—have demonstrated their commitment to security by maintaining SOC 3 compliance and up-to-date Attestations of Compliance (AoC). These certifications provide further assurance that your payment data is processed and stored according to the highest industry standards.

Your security and trust are our highest priorities. If you have any questions or concerns about our security practices, please feel free to contact us at any time.

Stay secure,
The PayWhirl Team
