Chargebee Retention Security Overview

Modified on: Sat, 1 Oct, 2022 at 12:12 AM

Scope

Chargebee Retention Security Overview

How is the SOC2 audit done for Retention?

What security protocol does Retention invest in?


Summary

When it comes to corporate and data security, we're committed to meeting the needs of today's web regulatory environment. We aim to deliver the best overall experience from our AWS-hosted platform and invest in annual SOC2 auditing and continuous monitoring to ensure compliance.

Solution

SOC 2 Audits

A SOC 2 Audit is done in accordance with the American Institute of Certified Public Accountants (AICPA) Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, TSP Section 100).

What security protocol does Retention invest in?

  • Privacy & security training
    All Retention employees are trained and certified on data privacy policies and best practices.
  • End-to-end encryption
    All data in Retention is stored and transmitted with end-to-end encryption. We also store your data using 256-bit AES encryption, which makes your data highly secure.
  • Vendor audit & approval process
    Retention performs a comprehensive compliance review and approval process before using and licensing third-party tools.
  • Data encryption & access controls
    In transit and at rest, all customer data is encrypted using only industry-leading tools, standards and best practices for data handling and security.
  • Information security policy
    Retention's Information Security Policy and Procedures are thoughtfully created using the ISO 2700x standard.
  • Security & Compliance
    Retention maintains compliance with an annual examination and attestation to SOC 2.

How long does Retention store customer data?

By default, a customer's data is stored for the duration of his or her contract with Retention.

The data may be deleted within one month after the contract ends, at the latest, with the exception of data that is required to establish proof of a right or a contract, which will be stored for the duration provided by enforceable law.
Once deleted, a user's data cannot be restored. Retention may provide the option for customers to delete data after their subscription ends. This request must be made by the customer, and Retention may require additional ID verification. Retention should hard delete all information from currently-running production systems within one month of the deletion request.

