Chargebee prioritizes security and has established robust compliance practices to protect customer data and provide assurance across our services. Security remains integral to our operations, supported by globally recognized security frameworks and certifications.
Chargebee is certified under ISO 27001:2022, an internationally recognized standard that sets requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS). Chargebee’s ISMS covers key areas such as security policies, risk management, access controls, cryptography, physical security, and supplier relationships. This certification affirms that we have robust controls in place for managing data securely, and we undergo regular assessments to ensure ongoing compliance with this global standard.
Chargebee's SOC 2 Type II compliance confirms our robust data security, availability, and confidentiality practices. Annual assessments by third-party auditors validate our operational controls, ensuring accountability and demonstrating Chargebee’s commitment to maintaining high standards for data protection.
To request a copy of the compliance report or certification, please contact us at support@trainn.co.
Chargebee is certified under the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework relating to the transfer of personal data from the EU, UK, and Switzerland to the USA.
Secure Coding Practices
Chargebee follows effective secure coding practices throughout the software development lifecycle to address vulnerabilities, including those highlighted in the OWASP Top 10. Our developers attend regular secure coding training sessions and perform detailed code reviews to maintain high standards of security and quality.
Vulnerability Management
Chargebee employs robust vulnerability management processes, including automated scanning, manual testing, and timely remediation. Vulnerabilities identified are prioritized based on risk and swiftly addressed by our security and development teams.
Regular Security Testing
We conduct regular penetration tests and security assessments by certified third-party experts to proactively identify and mitigate security vulnerabilities, ensuring continuous improvement of our security posture.
Authentication
Chargebee has implemented strong authentication mechanisms, including Role-Based Access Control (RBAC) and Single Sign-On (SSO)/SAML-based integration with leading identity providers. These measures enhance security and streamline user access management.
Cloud Infrastructure
Chargebee utilizes secure, reliable cloud providers that implement rigorous physical and logical security measures to ensure infrastructure protection.
Physical Security
Chargebee relies on reputable cloud infrastructure providers to host its services. These providers maintain stringent physical security measures at their data centers, including biometric authentication, two-factor access control, video surveillance, and 24x7 security personnel to ensure robust protection against unauthorized access.
Network Security
Chargebee’s network security includes advanced firewall protection, Distributed Denial of Service (DDoS) mitigation, and measures to prevent man-in-the-middle (MITM) attacks. Regular internal scans and external Vulnerability Assessment and Penetration Testing (VAPT) further reinforce our network defenses.
Monitoring and Logging
Chargebee maintains a 24x7 Security Operations Center (SOC) team continuously monitoring infrastructure and application activities. Advanced logging mechanisms facilitate timely detection, investigation, and response to security incidents.
Chargebee evaluates third-party service providers to ensure they meet our security and compliance standards. As part of our third-party risk management process, we conduct both initial and ongoing assessments that include vendor screening, review of security certifications, independent audit reports, and evaluation of the security measures implemented by the service providers.
Chargebee regularly performs internal risk assessments to proactively identify, evaluate, and address potential security risks within our operations. These assessments support ongoing improvement of our security posture.
As a global organization, Chargebee is committed to protecting personal data through robust technical, organizational, and contractual measures in accordance with applicable laws, including:
Chargebee operates in compliance with the EU and UK GDPR, offering data processing agreements, standard contractual clauses, and assistance with customer obligations such as responding to data subject rights requests and conducting data protection impact assessments.
Chargebee complies with CCPA, ensuring that the privacy rights and protections of California residents are maintained. We offer transparency regarding data collection and usage, and provide customers control over their personal data in line with CCPA requirements.
Chargebee’s data handling practices, internal processes and policies are grounded in the core principles of data protection law, including:
Lawfulness and transparency: Personal data is collected only when there is a valid legal basis to do so. Clear notices are provided and consent is obtained where required, ensuring transparency and fairness in how data is collected and processed.
Purpose limitation: Data is collected and processed only for specific and legitimate purposes.
Data minimization: Only the minimum necessary information required for the intended purpose is collected and processed.
At Chargebee, all employees undergo mandatory privacy and information security training as part of onboarding, with annual refreshers to ensure continued awareness of evolving regulations and threats. Awareness is also reinforced through targeted, role-based training.
Chargebee ensures that all personnel handling personal data are bound by confidentiality obligations as part of their engagement with Chargebee. Chargebee also ensures that appropriate contracts and clauses are included in the engagement with third parties, including data processing agreements and standard contractual clauses.
Chargebee has a structured incident management process for timely identification, response, and resolution of security incidents to minimize impact and maintain service reliability.
Chargebee maintains a comprehensive business continuity plan to ensure operational resilience and uninterrupted service delivery during disruptions or unforeseen events.
Chargebee’s disaster recovery strategy includes regular backups, failover mechanisms, and recovery testing to quickly restore services and minimize downtime.
Chargebee encourages responsible disclosure of security vulnerabilities. Security researchers can confidentially report vulnerabilities to our security team, promoting secure practices and responsible cooperation. For details, please refer to our Responsible Disclosure Policy.
Please reach out to us at support@trainn.co for any queries.