Security & Compliance

Security & compliance are the foundation, not a feature

Your card data sits on a PCI DSS Level 1-qualified compliance base — plaintext PANs never touch your servers. We carry the heaviest part of compliance at the base, so you collect faster and steadier.

Base compliance (via a card-network-audited provider)

The card vault is built on a licensed compliance provider, whose platform holds:

PCI DSS Level 1

SOC 2 Type II

ISO 27001

HIPAA

Note: the above are the base provider's certifications (a PCI DSS Level 1-qualified, card-network-audited provider). KeepPay's vault runs on that compliant base, so plaintext PANs never enter KeepPay or your own environment.

What KeepPay does for security

🧩

Tokenize on capture

The card is tokenized in the user’s browser, never touching your front or back end.

🚫

No plaintext at rest

Your systems, logs, and database hold only tokens — no plaintext PANs.

📉

Shrink your PCI scope

Because plaintext never passes through your environment, your PCI scope shrinks dramatically.

🔒

Encryption in transit & at rest

Data is encrypted end to end.

🌐

Data residency / private

Choose where data lives per regional rules; Enterprise supports private deployment.

👤

Least privilege & audit

Controlled admin access with action logging.

Specific compliance or data-residency requirements?

We'll tailor a plan to your region and scenario.