Payment Data Storage
Payment data is transmitted directly to the payment processor’s servers. Card numbers, CVV codes, and bank account numbers are stored by the payment processor in PCI-compliant vaults. Measure stores secure tokens that reference the payment methods without containing sensitive data. Payment processors maintain PCI-DSS Level 1 certification. Only the last 4 digits, expiration date, and payment method type are visible to Measure and the business. Learn more about Stripe’s security.Payment Link Security
Payment and invoice links are protected with authentication tokens that expire after a period of time. Email verification may be required to access invoice links, ensuring only authorized recipients can view and pay invoices.Bank Account Connections
Bank account connections for reconciliation are processed through Plaid. Bank login credentials are not stored or accessible to Measure or the business. Account information is stored by the payment processor. Only the last 4 digits of the account number are visible to the business.Data Visibility
Businesses using Measure can access customer name and email, payment amounts and dates, last 4 digits of payment methods, and payment status. Businesses cannot access full bank account or card numbers, bank login credentials, or card CVV codes.Security Standards
- PCI-DSS Level 1: Payment methods stored in the payment processor’s PCI-compliant vault
- SOC 2 Type 2: Measure is independently audited for security controls. View Trust Page