https://docs.novaza.ai/pay/Recent content in Novaza Pay on Novaza DocsHugoenhttps://docs.novaza.ai/pay/security/Mon, 01 Jan 0001 00:00:00 +0000https://docs.novaza.ai/pay/security/<h1 id="security--compliance">Security &amp; Compliance<a class="anchor" href="#security--compliance">#</a></h1> <p>Novaza Pay is designed so that sensitive payment instrument data never touches the Novaza workspace, Novaza Billing, or any customer-facing Novaza application. All handling of card numbers and bank account numbers is performed under the PCI-DSS compliance envelope of the upstream processing partners that Pay routes to.</p> <h2 id="tokenization">Tokenization<a class="anchor" href="#tokenization">#</a></h2> <p>When a customer adds a card or bank account to their workspace, the payment details are submitted directly to the upstream processor over a secure channel. The processor returns an opaque token that represents the payment method. Only the token, along with non-sensitive metadata (card brand, last four digits, expiry month and year), is stored on the Novaza side.</p>