Security Statement
Last Updated: March 21, 2026
At PayIt2, security is foundational to everything we do. When organizers and donors trust us with their money and personal information, we take that responsibility seriously. This page outlines the measures we have in place to protect your data and transactions.
1. Payment Security
PayIt2 partners with Stripe, one of the world's most trusted payment processors, to handle all financial transactions. This means:
- No card data stored: credit card numbers, bank account details, and other sensitive payment information are sent directly to Stripe. PayIt2 never stores, processes, or has access to full payment card data on our servers.
- PCI DSS Level 1: Stripe is a certified PCI DSS Level 1 Service Provider, the highest level of certification in the payment industry. By using Stripe, PayIt2 transactions benefit from these rigorous standards.
- 3D Secure support: Stripe supports 3D Secure authentication (such as Visa Secure and Mastercard Identity Check) for an added layer of cardholder verification on eligible transactions.
- Real-time monitoring: Stripe uses machine learning to monitor transactions in real time, automatically flagging and blocking suspicious or potentially fraudulent activity before it impacts organizers or donors.
2. Encryption
All data transmitted between your device and the PayIt2 platform is encrypted using TLS (Transport Layer Security), the same encryption standard used by banks and financial institutions. This protects your information from interception during transit.
Sensitive data stored on our servers is encrypted at rest using industry-standard AES-256 encryption. Database backups are also encrypted to ensure your information is protected at every stage.
3. Infrastructure Security
PayIt2's infrastructure is built with security as a core design principle:
- Cloud hosting: our platform runs on enterprise-grade cloud infrastructure with built-in redundancy, automatic failover, and geographic distribution
- Network security: firewalls, intrusion detection systems, and DDoS mitigation protect our servers from unauthorized access and attacks
- Regular updates: we promptly apply security patches and updates to all system components to address known vulnerabilities
- Backup and recovery: automated daily backups with encrypted storage ensure we can recover data in the event of an incident
4. Access Controls
We strictly limit access to user data and production systems:
- Access to sensitive data is restricted to authorized personnel on a need-to-know basis
- Administrative access requires multi-factor authentication (MFA)
- All access to production systems is logged and audited
- Employee access is reviewed regularly, and permissions are revoked promptly when no longer needed
5. Fraud Prevention
PayIt2 takes a multi-layered approach to preventing fraud on the platform:
- Stripe Radar: all transactions are automatically screened by Stripe Radar, which uses machine learning trained on data from millions of businesses to detect and block fraud
- Campaign monitoring: we review campaigns for signs of fraudulent activity, misleading descriptions, or violations of our Terms of Service
- User reporting: donors and community members can flag suspicious campaigns for review. We investigate all reports promptly.
- Identity verification: organizers receiving payouts are verified through Stripe's identity verification process, which may include document verification for larger payout amounts
6. Data Handling
We follow data minimization principles, collecting only the information necessary to provide our services. Key practices include:
- Personal information is used only for the purposes described in our Privacy Policy
- We do not sell personal data to third parties
- Data is retained only as long as necessary for business and legal purposes, then securely deleted or anonymized
- Third-party service providers with access to user data are contractually required to maintain equivalent security standards
7. Incident Response
Despite our best efforts, no system is immune to every possible threat. We maintain a documented incident response plan that includes:
- Detection: continuous monitoring and alerting to identify potential security incidents quickly
- Containment: immediate steps to limit the scope and impact of any confirmed incident
- Notification: if a security breach affects your personal data, we will notify impacted users promptly and in accordance with applicable laws
- Remediation: thorough investigation, root cause analysis, and implementation of measures to prevent recurrence
8. Your Account Security
Security is a shared responsibility. We recommend the following practices to help protect your PayIt2 account:
- Use a strong, unique password. Choose a password that is at least 12 characters long and not reused from another service. Consider using a password manager.
- Keep your credentials private. Never share your password or account login with others.
- Monitor your account. Review your transaction history and campaign activity regularly. If you see anything unexpected, contact us immediately.
- Beware of phishing. PayIt2 will never ask for your password via email. If you receive a suspicious message claiming to be from PayIt2, do not click any links. Forward it to help@payit2.com.
- Log out on shared devices. Always log out of your PayIt2 account when using a public or shared computer.
9. Reporting a Security Concern
If you discover a security vulnerability or suspect unauthorized activity on your account, please contact us immediately:
Security Contact
Email: help@payit2.com
Subject line: "Security Concern"
We take all reports seriously and will investigate promptly. We appreciate the community's help in keeping PayIt2 safe for everyone.