All payment processing runs through Stripe. When you enter a card number to Purchase Credits or a plan, that number goes from your browser directly to Stripe’s servers over an encrypted connection. Loupely’s servers are not in the path. Loupely never receives, handles, or stores your card number, expiry date, or CVV.
Stripe is PCI Service Provider Level 1 certified, which is the highest level of certification in the payment industry. Card data is encrypted at rest with AES-256 and transmitted with TLS.
What Loupely stores about your payments #
The record of what you purchased, when, and at what price. This is the information needed to maintain your credit balance and activate your plan. The Stripe customer ID is stored to allow the Billing Portal to recognize you. None of this constitutes payment credentials.
The Billing Portal #
Stripe’s Billing Portal is a Stripe-hosted page. When you click Manage Billing from your Loupely dashboard, you’re on Stripe’s infrastructure, not Loupely’s. Your card details live there, under Stripe’s security, not in Loupely’s systems.