Recurly meets and exceeds all industry-standard payment security practices.
Sensitive information is stored using several layers of encryption in a segmented network with no public internet access.
New encryption keys are generated on a daily basis, and existing keys are rotated on a regular basis.
Sensitive information is encrypted by an SSL connection when in transit over public networks.
SSL connections are limited to TLSv1, TLSv1.1, and TLSv1.2.
Recurly adheres to the PCI Data Security Standard (PCI DSS) for Service Providers.
Application development follows industry-standard secure coding guidelines.
The application is segmented by function to maintain security.
Recurly is hosted in a dedicated hosting environment with 24x7 security. Physical access to the network is strictly limited and monitored.
Private networks are strictly segmented according to function. Restrictive firewalls protect communication entering the network and between private networks.
All access to Recurly's network and services is strictly logged. Audit logs are reviewed on a regular basis.
Internal and external network penetration tests are performed on a regular basis by third parties.
Two-factor authentication and strong password controls are required for administrative access.