This article is designed to answer some common questions around security related to accepting payments with Payable Apps.

Yes! Because of the way we integrate with various payment providers (eg. PayPal, Square, Stripe). neither our systems or your documents ever transmit or store payment card data. All sensitive card data is encrypted directly in the client's browser and then sent directly to the payment provider - this makes it impossible for Payable or your Google Form to expose, leak, or allow personal card data to be hacked. Our API's and checkout page leverages SSL and SHA-384 with RSA Encryption cycled every 3 months.

Yes! Payable is currently processing at PCI Level 3 Volume Tier and completes the annual SAQ. The PCI Security Standards Council has published a series of changes to eligibility requirements for SAQ A, this allows partners and merchants the use input fields hosted by a payment provider to be eligible for the simplest PCI validation method SAQ A-EP.

Payable only has access to Google documents that our add-on was specifically activated on. We only transmit form data that is related to payments or includes a money amount in the answer. All other form data is ignored and not transmitted. We use these {label} - {amount} to set up the checkout and pass this on to the connected payment provider.