Trust at Paylera
This page is the high-level trust story. The pages that follow drill into specifics — PCI scope, data protection, encryption.
Service levels
| Surface | Availability target | Latency p99 |
|---|---|---|
| Public API — read | 99.9% | 150 ms |
| Public API — write | 99.9% | 400 ms |
| Public API — money-moving | 99.95% | 800 ms |
| Webhook ingress (provider → Paylera) | 99.95% | 200 ms |
| Webhook delivery (Paylera → you) | 99.95% | 2 s |
| Hosted checkout & customer portal | 99.95% | 400 ms |
Targets are 28-day rolling. Public status: https://status.paylera.io.
Certifications
- PCI-DSS — SAQ-A as a service provider. Card data does not transit Paylera systems. See PCI scope.
- SOC 2 Type II — annual report covering Security, Availability, Confidentiality. The latest report is available under NDA via the dashboard’s Settings → Legal → Compliance.
- GDPR & UK GDPR — DPA available; sub-processor list maintained on the dashboard.
- ISO 27001 — in progress; certification target Q4 2026.
Hosting
Production runs on multiple AWS regions in active-active configuration (us-east-1, eu-west-1, with ap-southeast-2 as a planned third). Customer data residency is configurable per tenant: pick us, eu, or apac at tenant creation. Data residency is enforced at the database level — no cross-region replication outside the chosen region.
Encryption
- In transit: TLS 1.3 mandatory at every public endpoint.
- At rest: AES-256-GCM via cloud-provider KMS (AWS KMS); per-tenant data keys wrapped by a region-pinned KEK. Provider secrets and PII fields use envelope encryption with a separate KEK rotated on a documented schedule.
See Encryption & key management for the mechanics.
Backups
- Database: continuous WAL archive + daily full snapshot. RPO 5 minutes; RTO 1 hour.
- Object storage (PDFs, exports): cross-region replication within the residency region.
- Test restores: quarterly, results published in the SOC 2 report.
Incident response
- 24/7 on-call rotation; pages on SLO burn rate (14.4× over 5 min) or any P1 customer report.
- Post-incident reviews published on https://status.paylera.io within 5 business days for any outage of 5+ minutes.
- Customer-impacting incidents trigger an in-app banner and an email to the configured operations contact.
Penetration testing
Annual third-party pen test. Findings are remediated on a calendar that scales with severity (critical: 7 days; high: 30 days; medium: 90 days). Summary letter shareable under NDA.
Vulnerability disclosure
We run a managed disclosure programme. To report a vulnerability:
- Email: security@paylera.io (PGP key at https://paylera.io/.well-known/security.txt).
- Or via our HackerOne programme: https://hackerone.com/paylera.
We acknowledge within 24 hours, triage within 72 hours. Bounties scale with impact.
What you inherit
By integrating with Paylera, you inherit:
- PCI scope reduction to SAQ-A (your servers never see card numbers).
- Hardened payment provider integration (HMAC verification, idempotent retries, raw-body preservation — the easy stuff to get wrong).
- Audit trail for every operator action against your tenant data.
- Data subject request fulfilment with a documented API surface.
- Regional data residency per tenant.
What’s still your responsibility
- Authenticating your end users before exposing their billing data.
- Securing the Paylera API tokens you mint.
- Verifying webhook signatures before processing deliveries.
- Filing tax returns (Paylera computes; you file).
- Honouring DSRs for the data your application stores about your customers — Paylera handles the data Paylera stores; the data you hold is yours.
Where to next
- PCI scope — the precise division of responsibility.
- Data protection & DSR — privacy controls, retention, DSR fulfilment.
- Encryption & key management — how secrets and PII are protected.