SECURITY & COMPLIANCE

Confidentiality, integrity, and availability

Confidently scale your subscription business backed by the best security and compliance platform in the subscription industry.

icon-cursor-boxBook your demoTry it free
hero-image

Grow with confidence. Recurly has your back with world-class security and compliance built into every offering.

Logo Philippines

Safeguard all data

World-class security at work 24/7/365 to protect your—and your customers’—data. Recognized on the Visa Global Registry of Service Providers, Recurly’s PCI-DSS Level 1 compliant platform meets or exceeds all industry-standard payment security practices.

Logo Philippines

Ensure proper access

Secure and protect the application and data by using robust, configurable user access controls. Maintain a compliant, best-practices approach while ensuring those who need data access can get what they need.

Logo Philippines

Extend compliance globally

Confidently expand into new markets without compliance concerns. Our platform and practices are continually updated, tested, and enhanced to ensure our customers’ compliance with global and local mandates.

Key features

Industry-leading data, application, and network security infrastructures with built-in adherence to global compliance mandates.

Recurly has you covered

Focus on your business—we’ve got security handled. All customer data is encrypted—at rest and in transit—and sensitive data is securely stored in tools like Google KMS. Best-in-class tools work 24/7 to secure and monitor our infrastructure and networks.

  • PCI Data Security Standard Level 1 compliant
  • Full-time advanced customer data encryption
  • Industry-standard web application secure coding guidelines
Learn morecta-logo
image

Always-on reliability

Keep business moving faster—Recurly will match your pace. Built on highly scalable, industry-leading service providers such as Google Cloud, our platform allows you to scale confidently—and instantaneously—without disruption.

  • Industry-leading platform tools
  • Reliable and scalable
  • Grow globally without platform changes
image

Robust access controls

Ensure proper access with configurable user roles and permission controls that fit the way you work. Recurly works behind the scenes to enforce and audit access with SAML, SSO, and audit logs.

  • Two-factor authentication
  • Secure single sign-on (SSO)
  • Robust and flexible user controls
image

Global compliance

Wherever you grow, we know the rules. We’re SOC II Type 2 and PSD 2 compliant and meet CCPA, GDPR, and HIPAA requirements. We engage third party auditors and pentesters to ensure the highest quality standards.

  • SOC II Type 2 compliant
  • PSD 2 compliant
  • CCPA and GDPR compliant
  • HIPAA compliant
image

Experience matters. Enjoy unmatched, proven scalability with Recurly.

30+

integrated partners and gateways

2,200+

leading brands

100M+

active platform subscribers

140+

currencies accepted

Recurly takes complex subscription billing issues like PCI compliance, mandates, GDPR, and more, and makes it a breeze for Proposify."

Chief Product Officer

Customer since 2011

Frequently asked questions

Recurly is PCI-DSS Level 1 compliant, a standard that specifies best practices and specific security controls. Cardholder data is sent directly to Recurly to minimize risk to your business. Recurly provides a secure environment that delivers above industry security standards and guidelines.

All organizations processing credit card information, regardless of their deployment model, are required to be certified. Your merchant bank account requires your business to be PCI compliant, and Recurly helps meet those requirements.

Sensitive information is stored using several layers of encryption in a segmented network with no public internet access. New encryption keys are generated on a daily basis, and existing keys are rotated on a regular basis. Sensitive information is encrypted by an SSL connection when in transit over public networks with SSL connections using TLS v1.2 or above. Learn more about subscription fraud trends.

Recurly application development follows industry-standard secure coding guidelines. The application is segmented by function to maintain security.

Recurly is hosted on the Google Cloud Platform with the highest level and measures for security. All access to Recurly's network and services is strictly logged. Audit logs are reviewed on a regular basis. Internal and external network penetration tests are performed on a regular basis by third-parties. Two-factor authentication and strong password controls are required for administrative access.

Recommended resources

REPORT

2026 State of Subscriptions: The new rules for retention, AI, and trust

GUIDE

Ecommerce subscriptions playbook

LP Image 1030x1610 1

REPORT

State of Subscriptions: Digital media & entertainment

Get started with Recurly

Join thousands of global brands that trust Recurly's 15+ years of expertise

icon-cursor-box-whiteBook your demoTry it free
Recurly SubscriptionsRecurly CommerceRecurly EngageRecurly RevRecApp ManagementRecurly ReleaseTry it free
Resource centerBlogEventsBenchmarks & InsightsSupport & ServicesLogin
Integration methodsSecurity & CompliancePartners integrationsPartner ecosystem
Subscriptions documentationCommerce documentationEngage documentationRevRec documentationAPI ReferenceStatus
AboutLeadershipPress releasesCareersContact us
Privacy policyLegalDPACookie policyTerms of serviceSecurity & complianceModern slavery act statement

©2026 Recurly, Inc.