Security & Trust

Last updated March 6, 2024

This document summarizes the security controls used to protect Paidnice software, systems and customer data.

Access Controls

Staff user logins

  • controlled with Google Account
  • Require strong passwords enforced by Google 
  • Use and require 2-factor authentication
  • Full audit logging via Google Workspace
  • All staff required to use password management with strong unique passwords

Paidnice application servers

  • Hosted with Salesforce Heroku Cloud platform
  • Login to Heroku requires 2-factor authentication
  • Full access logs
  • Activity logs
  • Secure multi-tenant cloud platform
  • Access restricted to engineering team and senior management

External Systems

Microsoft GitHub

  • Control access to application source code
  • Require 2-factor auth
  • All changes logs and reviewed
  • Software deployments managed via Github Actions and require engineer approval

Marketing, Billing and Customer Service tools

  • Intercom for customer support - secured with Google Account login
  • Mixpanel for product analytics
  • Stripe billing data - all credit card and customer billing information is stored with Stripe.
  • Paidnice does not handle credit card data directly. 
  • Access is restricted to senior staff and requires 2-factor authentication.

Software controls

Application access

  • All user logins managed with Okta’s (
  • All 3rd party tokens stored encrypted via AES 256
  • All data encrypted in transit via SSL
  • Data stored in Heroku Postgres database
  • Continuous Protection used to automatically and continuously backup all application data.
  • Data encrypted at rest via AES-256, block-level storage
  • Application access logged to Google Cloud