SECURITY & COMPLIANCE

Confidentiality, integrity, and availability

Confidently scale your subscription business backed by the best security and compliance platform in the subscription industry.

Book my demo Try it free
lines Credit card PCI red lock

Grow with confidence. Recurly has your back with world-class security and compliance built into every offering.

Safeguard all data

Safeguard all data

World-class security at work 24/7/365 to protect your—and your customers’—data. Recognized on the Visa Global Registry of Service Providers, Recurly’s PCI-DSS Level 1 compliant platform meets or exceeds all industry-standard payment security practices.

Ensure proper access

Ensure proper access

Secure and protect the application and data by using robust, configurable user access controls. Maintain a compliant, best-practices approach while ensuring those who need data access can get what they need.

Ensure proper access

Extend compliance globally

Confidently expand into new markets without compliance concerns. Our platform and practices are continually updated, tested, and enhanced to ensure our customers’ compliance with global and local mandates.

Key measures

Industry-leading data, application, and network security infrastructures with built-in adherence to global compliance mandates.

Recurly has you covered

Focus on your business—we’ve got security handled. All customer data is encrypted—at rest and in transit—and sensitive data is securely stored in tools like Google KMS. Best-in-class tools work 24/7 to secure and monitor our infrastructure and networks.

  • PCI Data Security Standard Level 1 compliant
  • Full-time advanced customer data encryption
  • Industry-standard web application secure coding guidelines
Learn more
Shield Key Encryption
2 people Google cloud green arrow

Always-on reliability

Keep business moving faster—Recurly will match your pace. Built on highly scalable, industry-leading service providers such as Google Cloud, our platform allows you to scale confidently—and instantaneously—without disruption.

  • Industry-leading platform tools
  • Reliable and scalable
  • Grow globally without platform changes

Robust access controls

Ensure proper access with configurable user roles and permission controls that fit the way you work. Recurly works behind the scenes to enforce and audit access with SAML, SSO, and audit logs.

  • Two-factor authentication
  • Secure single sign-on (SSO)
  • Robust and flexible user controls
Woman with laptop Account security Company users

Experience matters. Enjoy unmatched, proven scalability with Recurly.

40+

30+

2,200+

50M+

Proposify
Proposify

Recurly takes complex subscription billing issues like PCI compliance, mandates, GDPR, and more, and makes it a breeze for Proposify.

Chief Product Officer
Customer since 2011

Frequently asked questions

How is security and PCI compliance enforced at Recurly?

Recurly is PCI-DSS Level 1 compliant, a standard that specifies best practices and specific security controls. Cardholder data is sent directly to Recurly to minimize risk to your business. Recurly provides a secure environment that delivers above industry security standards and guidelines.

Does my business need to be PCI compliant?

All organizations processing credit card information, regardless of their deployment model, are required to be certified. Your merchant bank account requires your business to be PCI compliant, and Recurly helps meet those requirements.

How does Recurly protect sensitive information?

Sensitive information is stored using several layers of encryption in a segmented network with no public internet access. New encryption keys are generated on a daily basis, and existing keys are rotated on a regular basis. Sensitive information is encrypted by an SSL connection when in transit over public networks with SSL connections using TLS v1.2 or above. Learn more about subscription fraud trends.

Does Recurly follow web application development and security standard policies?

Recurly application development follows industry-standard secure coding guidelines. The application is segmented by function to maintain security.

How does Recurly ensure security of its platform?

Recurly is hosted on the Google Cloud Platform with the highest level and measures for security. All access to Recurly's network and services is strictly logged. Audit logs are reviewed on a regular basis. Internal and external network penetration tests are performed on a regular basis by third-parties. Two-factor authentication and strong password controls are required for administrative access.

Get started with Recurly

Book My Demo Try it free