Payment security

How PayFacile protects your customers’ payments: PCI DSS compliance via Stripe, SSL encryption, 3D Secure, SEPA mandates, and EU hosting.

What protects your customers’ data

Are your customers hesitant to pay online? Here’s what protects their data: no card numbers ever pass through PayFacile, payments are encrypted end-to-end, and strong authentication is enabled automatically.

No card data on our servers

This is the most critical point: when your customer enters their card information, it is sent directly to Stripe via an embedded form (Stripe Elements). PayFacile only receives a payment confirmation and a transaction identifier. Your customers’ card data stays exclusively with Stripe.

PCI DSS compliance via Stripe

Stripe is certified PCI DSS Level 1, the highest compliance level in the payment industry. This certification covers collection, processing, and storage of card data.

By using Stripe as a payment processor, you benefit from this compliance without managing it yourself. No PCI DSS steps required on your end.

SSL encryption and strong authentication

All PayFacile pages (dashboard, sales pages, checkout) are served over HTTPS with a valid SSL certificate. Data exchanged between your customer’s browser and our servers is encrypted.

European regulation (PSD2) requires strong customer authentication (SCA) for online payments. Stripe automatically triggers 3D Secure when the customer’s bank requires it. You don’t need to configure anything on the PayFacile side.

SEPA mandates and European hosting

For SEPA direct debits, GoCardless manages the creation and storage of debit mandates. The customer signs an electronic mandate during the first payment.

PayFacile is hosted on Meteor Galaxy EU West 1 (Ireland). Your business data (orders, customers, products) is stored in the European Union. Payment data is held by Stripe and GoCardless, which also have European infrastructure.

Expected result: your customers’ trust

Your customers see a recognized Stripe payment form, an SSL padlock in the address bar, and 3D Secure authentication from their bank. You don’t need to configure anything—it’s all active by default.

FAQ

Is PayFacile PCI compliant?
PayFacile does not handle card data—Stripe does. Stripe is certified PCI DSS Level 1, the highest standard in the industry. You benefit from this compliance automatically.
Where is my data stored?
Your business data is hosted in the EU (Meteor Galaxy EU West 1, Ireland). Payment data is stored by Stripe and GoCardless on their own secure infrastructure.
Is 3D Secure enabled automatically?
Yes. Stripe triggers 3D Secure automatically when the customer’s bank requires it, in compliance with PSD2 regulation. No configuration needed on your part.
What happens in case of fraud?
Stripe has a fraud detection system (Stripe Radar) that blocks suspicious transactions. In case of a dispute (chargeback), you are notified through your Stripe dashboard to provide evidence.