Confidentiality, integrity, and availability
Confidently scale your subscription business backed by the best security and compliance platform in the subscription industry.
Grow with confidence. Recurly has your back with world-class security and compliance built into every offering.
Safeguard all data
World-class security at work 24/7/365 to protect your—and your customers’—data. Recognized on the Visa Global Registry of Service Providers, Recurly’s PCI-DSS Level 1 compliant platform meets or exceeds all industry-standard payment security practices.
Ensure proper access
Secure and protect the application and data by using robust, configurable user access controls. Maintain a compliant, best-practices approach while ensuring those who need data access can get what they need.
Extend compliance globally
Confidently expand into new markets without compliance concerns. Our platform and practices are continually updated, tested, and enhanced to ensure our customers’ compliance with global and local mandates.
Key measures
Industry-leading data, application, and network security infrastructures with built-in adherence to global compliance mandates.
Recurly has you covered
Focus on your business—we’ve got security handled. All customer data is encrypted—at rest and in transit—and sensitive data is securely stored in tools like Google KMS. Best-in-class tools work 24/7 to secure and monitor our infrastructure and networks.
- PCI Data Security Standard Level 1 compliant
- Full-time advanced customer data encryption
- Industry-standard web application secure coding guidelines
Always-on reliability
Keep business moving faster—Recurly will match your pace. Built on highly scalable, industry-leading service providers such as Google Cloud, our platform allows you to scale confidently—and instantaneously—without disruption.
- Industry-leading platform tools
- Reliable and scalable
- Grow globally without platform changes
Robust access controls
Ensure proper access with configurable user roles and permission controls that fit the way you work. Recurly works behind the scenes to enforce and audit access with SAML, SSO, and audit logs.
- Two-factor authentication
- Secure single sign-on (SSO)
- Robust and flexible user controls
Global compliance
Wherever you grow, we know the rules. We’re SOC II Type 2 and PSD 2 compliant and meet CCPA, GDPR, and HIPAA requirements. We engage third party auditors and pentesters to ensure the highest quality standards.
- SOC II Type 2 compliant
- PSD 2 compliant
- CCPA and GDPR compliant
- HIPAA compliant
Experience matters. Enjoy unmatched, proven scalability with Recurly.
40+
secured partner integrations
30+
partner and gateway integrations
2,200+
global brands on Recurly
50M+
active subscribers globally
Recurly takes complex subscription billing issues like PCI compliance, mandates, GDPR, and more, and makes it a breeze for Proposify.
Frequently asked questions
How is security and PCI compliance enforced at Recurly?
Recurly is PCI-DSS Level 1 compliant, a standard that specifies best practices and specific security controls. Cardholder data is sent directly to Recurly to minimize risk to your business. Recurly provides a secure environment that delivers above industry security standards and guidelines.
Does my business need to be PCI compliant?
All organizations processing credit card information, regardless of their deployment model, are required to be certified. Your merchant bank account requires your business to be PCI compliant, and Recurly helps meet those requirements.
How does Recurly protect sensitive information?
Sensitive information is stored using several layers of encryption in a segmented network with no public internet access. New encryption keys are generated on a daily basis, and existing keys are rotated on a regular basis. Sensitive information is encrypted by an SSL connection when in transit over public networks with SSL connections using TLS v1.2 or above. Learn more about subscription fraud trends.
Does Recurly follow web application development and security standard policies?
Recurly application development follows industry-standard secure coding guidelines. The application is segmented by function to maintain security.
How does Recurly ensure security of its platform?
Recurly is hosted on the Google Cloud Platform with the highest level and measures for security. All access to Recurly's network and services is strictly logged. Audit logs are reviewed on a regular basis. Internal and external network penetration tests are performed on a regular basis by third-parties. Two-factor authentication and strong password controls are required for administrative access.
Recommended resources
Get started with Recurly
