Recharge Trust Center
We’re proud to share our privacy, security, and compliance initiatives with you here.
Privacy
Putting your privacy first
At Recharge, we value privacy and handle personal information accordingly. Our merchants and partners can trust that we have taken steps to adhere to privacy standards and laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
Learn more about how we handle personal information by reviewing our policies and agreements.
Security
Building security into everything we do
Security is at the center of how we do business every day to protect your data. We have integrated and continue to develop rigorous security activities across our platform, including software development practices, processes, and tools to keep your information safe.
Born in the cloud
Our services are maintained and hosted on Google Cloud Platform (GCP), which complies with an independently verified set of standards and frameworks (for example, PCI DSS, SOC 2&3, ISO 27000).
Active bug bounty program
We maintain an active bug bounty program and contract with third-party organizations to conduct regular security tests to validate the effectiveness of our security controls. While our security team conducts frequent security reviews, we also encourage independent vulnerability reporting through our responsible disclosure page.
Product security
Our product development teams follow standardized processes with built-in security checks, and they complete security training programs to stay consistently vigilant for ways to maintain secure products and services.
The Recharge product security framework combines a holistic and practical approach that integrates security best practices throughout each phase of the software development process.
Operational security
We have designed and continue to make significant investments in operations to achieve optimum security and ongoing compliance of our services. We combine automation and skilled reviewers to filter intelligence from many sources to determine the necessary course of action. Our operating procedures include:
- 24/7 incident handling with defined escalation paths
- Data encryption in transit and at rest (including TLS and AES256)
- Secure system access management with multi-factor authentication
- Logging, monitoring, and alerting
- Vulnerability and patch management
- Security testing to identify and remediate vulnerabilities
- Maintenance and backup procedures
Availability & Uptime
Keeping your business online
Recharge services are cloud-native applications running on Google Cloud Platform (GCP). Our platform was designed with an emphasis on availability and resilience. Our recovery strategy leverages GCP global infrastructure by utilizing regions and zones, as well as inter-region capabilities, to achieve our Recovery Time and Recovery Point Objectives (RTO and RPO).
Recharge maintains a publicly accessible status page that provides real-time and historical data on our system performance, availability, and scheduled maintenance.
Compliance
Adhering to industry standards
In addition to the compliance afforded by our hosting platform, we comply with industry standards and regulations to help keep your data safe. The Recharge platform is certified under the Payment Card Industry Data Security Standard (PCI DSS), and our Service Organization Control (SOC2) Type II report describes the effectiveness of the current systems and controls in place. We also take active steps to monitor that our platform is usable by all individuals and review compliance with relevant standards, including the Americans with Disabilities Act (ADA).