How secure is my payment and account data?
Summary
This article explains how your payment and account data are protected when using the eCommerce platform. It covers secure payment processing through Stripe, strict access controls, encrypted data handling, audit trails for all transactions, and best practices like PCI DSS compliance. Customers are encouraged to use secure online payment methods, and only authorized personnel can access or update sensitive information, ensuring your data remains safe and confidential.
How Your Payment and Account Data Is Secured
1. Payment Processing & Data Flow
- All payments (including subscriptions and document purchases) are processed through Stripe, a leading global payment gateway known for its robust security and PCI DSS compliance.
- No credit card data is ever stored on the eCommerce site or internal systems. All sensitive payment information is handled directly by Stripe, which uses encryption and tokenization to protect cardholder data.
- Bank transfers, ACH, and checks are also supported, but customers are strongly encouraged to use online payment methods for maximum security and reliability.
2. System Integrations & Data Handling
- The eCommerce platform (aiacontracts.com), Stripe, BigCommerce, and NetSuite are tightly integrated using secure connectors (Celigo, SCN Stripe Connector, etc.).
- Customer billing addresses are collected at checkout and securely transmitted to NetSuite and Stripe for invoicing and tax calculation. No unnecessary personal data is collected or stored.
- Sales tax calculations are performed by Stripe Tax, and all tax-exempt status is managed through ExempTax, ensuring only authorized personnel can update exemption status.
3. Access Controls & Permissions
- Refunds, credits, and coupon creation can only be performed by authorized Finance team members. This prevents unauthorized access or manipulation of payment data.
- Customer Support and Sales teams have access only to the information necessary to assist customers, not to full payment details.
4. Data Integrity & Audit Trails
- Every transaction (purchase, refund, credit, chargeback) is logged in both Stripe and NetSuite, with references and audit trails for reconciliation and dispute resolution.
- Disputes and chargebacks are managed through Stripe, with supporting documentation and evidence submitted securely by Finance.
5. Security Best Practices
- PCI DSS Compliance: Stripe is PCI DSS Level 1 certified, the highest standard for payment security.
- Encryption: All payment data is encrypted in transit and at rest by Stripe.
- No Manual Edits: Tax-exempt codes and sensitive metadata are only updated via secure integrations, never manually.
- Access Reviews: Only business emails are approved for tax-exempt status, and all exceptions require Finance approval.
6. Customer Guidance
- Customers are encouraged to pay via credit card or bank transfer for the most secure experience. Paper checks are accepted but are less secure and not recommended.
- If you need to pay by check or ACH, you are provided with secure instructions and must reference your Subscription ID to ensure proper application of funds.
FAQs:
Is my credit card information stored on the site?
No, all payment data is securely handled by Stripe and never stored on the site.
Who can access my payment details?
Only authorized Finance team members have limited access for processing refunds and credits.
What is the most secure way to pay?
Online payments via credit card or bank transfer are the most secure and recommended methods.