Trust Center
Learn more about how Butter Payments ensures your data is securely handled across all solutions.
Security
Security is at the core of what we do. Our multi-layered approach includes continuous monitoring, access controls, and integration of the latest security standards. Learn more about how we protect you.
Butter Platform
Secure Software Development: We follow best practices for secure coding, conduct regular vulnerability assessments, and perform thorough security testing to ensure our applications are resilient against potential threats.
Access Control and Monitoring: To safeguard your data, we enforce strict access control measures and continuous monitoring. Only authorized personnel have access to sensitive information.
Incident Response and Recovery: Our comprehensive incident response plan ensures quick and effective action in the event of a security incident.
Secure Authentication: We use multi-factor authentication (MFA) and single sign-on (SSO) to ensure that only authorized users can access our systems. These measures enhance security by adding an extra layer of protection to user logins.
Certification and Scrutiny: Our solution undergoes rigorous examination by independent certification organizations to validate its security and compliance with standards.
Data Security
We safeguard your data using robust security standards and controls. We ensure proper access mechanisms and focus on securing the data plane.
Butter Services
PCI-DSS Compliance: Our encryption methods adhere to standards set by the Payment Card Industry Data Security Standard (PCI-DSS).
Restricted Employee Access: Our system eliminates direct access to underlying credit card information. Butter employees do not have the capability to view or access unencrypted PII.
Restricted Data Transmission: Transmitting encrypted PII outside of our vault requires stringent endpoint whitelisting and controls. Currently, this process is restricted to select major payment service providers like Stripe, Braintree, Worldpay, etc.
Certification and Scrutiny: Our solution undergoes rigorous examination by independent certification organizations to validate its security and compliance with PCI-DSS standards.
Encrypted Card Storage: Each card is encrypted within a dedicated merchant container vault, ensuring that sensitive information is securely compartmentalized. Additionally, we utilize UUIDs to reference encrypted cards, reducing any potential risk.
Certifications
PCI
The Payment Card Industry Data Security Standard (PCI DSS) is a set of comprehensive requirements designed to ensure that all companies that process, store, or transmit credit card information maintain a secure environment.
SOC
System and Organization Controls (SOC) reports are designed to help organizations demonstrate their commitment to operational excellence and risk management.
Resources
Retrieve proof of compliance, or send other requests to [email protected]
PCI AOC
View our Attestation of Compliance (AOC) certifying our adherence to PCI DSS security standards.
PCI-SAQ-D
Learn how we ensure compliance with PCI DSS through the detailed Self-Assessment Questionnaire D (SAQ-D).
SOC 2 Type 2
Request the full SOC 2 report.
SOC 2 Letter of Attestation
Request the SOC 2 letter of attestation.
3rd Party Penetration Testing
Retrieve a copy of our latest penetration tests.
Monitoring
The items below are controls currently monitored by Secureframe. All controls report their compliance status in real time through integrations with internal tooling.