RecurFix
Security & privacy

Security Without Compromise

RecurFix is architected so that raw payment data never enters our systems. Your customers' card and bank details stay within Mollie's infrastructure - always.

Core principle: RecurFix never stores raw payment details

Card numbers, IBAN numbers, CVV codes, and full payment credentials never pass through RecurFix's systems. We interact exclusively with Mollie's tokenized references - opaque identifiers that are meaningless outside of Mollie's infrastructure.

All customer payment updates flow through Mollie's PCI-DSS Level 1 certified hosted checkout. RecurFix acts as an orchestration layer - it triggers flows and reads statuses, but never touches the raw payment data itself.

Security Architecture

Mollie-hosted payment pages

All payment input - new card details, IBAN numbers, payment method updates - is handled exclusively through Mollie's PCI-DSS Level 1 certified hosted checkout. Customers enter their payment information directly into Mollie's secure environment.

PCI-DSS Level 1 certified via Mollie

Zero raw payment data storage

RecurFix never stores card numbers, CVV codes, full IBANs, or any raw payment credentials. Our database contains only Mollie-issued tokenized identifiers (mandate IDs, payment IDs) which are opaque references with no standalone value.

Tokenized references only - no raw card data

Webhook signature verification

All webhooks sent to and from RecurFix are signed and verified using HMAC-SHA256 signatures. RecurFix verifies that every incoming Mollie webhook event is genuinely from Mollie before processing it. Outgoing webhooks to your system are signed with your secret key.

HMAC-SHA256 webhook signing
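The receiving side of the outgoing-webhook scheme described above, as an added example (not RecurFix's own code): the header names, the "timestamp.body" message layout and the 300-second replay window are assumptions, since the page does not document the wire format.

```python
import hashlib
import hmac
import json
import time

# Assumed header names and message layout (not specified on this page).
SIG_HEADER = "X-Recurfix-Signature"
TS_HEADER = "X-Recurfix-Timestamp"
MAX_SKEW = 300  # seconds; deliveries older than this are treated as replays


def sign_webhook(secret: bytes, timestamp: int, body: bytes) -> str:
    """Sender side: HMAC-SHA256 over '<timestamp>.<raw body>', hex-encoded.
    Folding the timestamp into the MAC means a captured delivery cannot be
    replayed later under a fresh timestamp header."""
    msg = str(timestamp).encode() + b"." + body
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify_webhook(secret: bytes, headers: dict, body: bytes, now=None) -> bool:
    """Receiver side. Verify the raw bytes exactly as received, before any
    JSON parsing, so re-serialisation cannot alter what was signed."""
    now = int(time.time()) if now is None else now
    try:
        ts = int(headers[TS_HEADER])
        presented = headers[SIG_HEADER]
    except (KeyError, ValueError):
        return False  # missing or malformed headers: reject, do not guess
    if abs(now - ts) > MAX_SKEW:
        return False  # stale delivery (or clock far off): reject
    expected = sign_webhook(secret, ts, body)
    # compare_digest runs in time independent of where the strings differ.
    return hmac.compare_digest(expected, presented)


# Constructed sample delivery (secret, ids and timestamp are made up).
SECRET = b"constructed-shared-secret"
EVENT = json.dumps({"event": "payment.failed", "payment_id": "tr_EXAMPLE",
                    "mandate_status": "invalid"}).encode()
SENT_AT = 1_700_000_000
GOOD_HEADERS = {TS_HEADER: str(SENT_AT),
                SIG_HEADER: sign_webhook(SECRET, SENT_AT, EVENT)}

if __name__ == "__main__":
    print(verify_webhook(SECRET, GOOD_HEADERS, EVENT, now=SENT_AT + 5))        # True
    tampered = EVENT.replace(b"failed", b"paid")
    print(verify_webhook(SECRET, GOOD_HEADERS, tampered, now=SENT_AT + 5))     # False
    print(verify_webhook(SECRET, GOOD_HEADERS, EVENT, now=SENT_AT + 3600))     # False
```

Hand the handler the raw request body bytes; verifying a re-encoded copy of the parsed JSON is the most common way such a check ends up silently rejecting every valid delivery.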

Encrypted API communication

All API communication between RecurFix and Mollie uses TLS 1.3 encryption. RecurFix's REST API requires API key authentication for all requests. API keys are hashed before storage - we cannot recover your plain-text API key after creation.

TLS 1.3 · Hashed API key storage

Secure mandate handling

RecurFix never creates, modifies, or deletes mandates directly. Mandate creation always happens through Mollie's hosted checkout flow - where the customer actively authorizes the new mandate. RecurFix only reads mandate status via Mollie's API to determine recovery paths.

All mandate creation via Mollie-hosted flow

GDPR-ready workflows

RecurFix's data processing is designed to comply with GDPR. Dunning emails only contain the minimum necessary information. Customer data can be deleted on request. EU data residency options are available on Custom plans.

GDPR-ready · EU data residency options

Data Access Transparency

Exactly what RecurFix can and cannot access about your customers.

What RecurFix can see

  • Payment status (paid, failed, pending)
  • Payment amount and currency
  • Failure reason codes from Mollie
  • Customer email address (for dunning)
  • Mandate status (valid, invalid, etc.)
  • Mollie customer ID (opaque reference)
  • Last 4 digits of card (for display only)

What RecurFix cannot see

  • Full card numbers (PAN)
  • CVV / CVC security codes
  • Full IBAN numbers
  • Card expiry dates
  • Bank account credentials
  • Passwords or authentication data
  • Mollie API private keys

Responsible Disclosure

We take security vulnerabilities seriously. If you discover a potential security issue in RecurFix, please report it responsibly by emailing [email protected].

We commit to acknowledging your report within 24 hours, working with you to understand and resolve the issue, and crediting you for responsible disclosure in our security acknowledgements (unless you prefer anonymity).

Questions About Security?

Our team is happy to discuss our security architecture, data practices, or GDPR compliance in detail.