Payment Security & Data Privacy
Esta página aún no está disponible en tu idioma.
MakerVera is designed to keep your members’ payment data safe and your transaction records reliable. This page explains the protections built into the billing system.
Payment Processing Reliability
Section titled “Payment Processing Reliability”When a member makes a purchase, MakerVera follows a multi-step process to ensure nothing is lost or duplicated:
- Payment confirmation — Stripe sends a secure notification confirming the payment
- Duplicate detection — If the same notification arrives twice (e.g., due to a network retry), MakerVera recognizes the duplicate and skips it automatically
- Order fulfillment — The order is created, gift card generated, or donation recorded
- Automatic retry — If fulfillment fails (e.g., a temporary database issue), the system retries up to 3 times before flagging the event for manual review
- Confirmation — The member receives their order confirmation email
What This Means for You
Section titled “What This Means for You”- No duplicate charges — A member will never be charged twice for the same purchase, even if there’s a network hiccup
- No lost orders — Failed transactions are automatically retried and flagged if they can’t be resolved
- Fast checkout — Payment confirmation happens asynchronously, so checkout pages respond immediately
Data Privacy & Retention
Section titled “Data Privacy & Retention”MakerVera follows a strict data retention policy to minimize the personal information stored in your system. Personal data is automatically cleaned up on a scheduled basis — no manual action required.
What Data Is Collected
Section titled “What Data Is Collected”During checkout, Stripe sends MakerVera the information needed to fulfill an order:
| Data | Examples | Used For |
|---|---|---|
| Contact info | Email, name | Order confirmation emails, receipt records |
| Payment details | Amount, currency, payment method type | Financial reporting, refund processing |
| Order details | Items purchased, quantities | Inventory tracking, order history |
MakerVera does not store credit card numbers, bank account details, or other sensitive payment credentials. That information stays with Stripe.
How Long Data Is Kept
Section titled “How Long Data Is Kept”| Data Type | Retention Period | What Happens After |
|---|---|---|
| Checkout session details | 24 hours (successful) / 7 days (failed) | Replaced with a non-identifying summary |
| Abandoned cart data | 30 days | Scrubbed to item count only |
| Order customer info | 365 days | Email is anonymized, name and notes are redacted |
| Donation donor info | 365 days | Email is anonymized, name and message are redacted |
| Gift card recipient email | 90 days after full redemption | Email is anonymized |
How Anonymization Works
Section titled “How Anonymization Works”When personal data reaches the end of its retention period:
- Email addresses are converted to a one-way hash — useful for analytics (e.g., “how many unique donors?”) but impossible to reverse back to an email address
- Names and free-text fields (like admin notes or donor messages) are replaced with
[REDACTED] - Financial data (amounts, currencies, item counts) is preserved for reporting
This process runs automatically every night. There is no action required from administrators.
Webhook Security
Section titled “Webhook Security”Stripe communicates with MakerVera through webhooks — secure HTTP callbacks that notify the system when payments are completed, subscriptions change, or refunds are issued.
How Webhooks Are Protected
Section titled “How Webhooks Are Protected”- Signature verification — Every incoming webhook is verified using a cryptographic signature from Stripe. Requests that can’t be verified are rejected immediately.
- Payload size limits — Webhook payloads larger than 256 KB are rejected to prevent abuse.
- No public authentication — Webhook endpoints don’t use user login tokens. Security comes entirely from Stripe’s signature verification, which is the industry-standard approach.
Supported Webhook Events
Section titled “Supported Webhook Events”MakerVera processes the following Stripe events:
| Event | What It Triggers |
|---|---|
| Checkout completed | Order creation, gift card generation, or donation recording |
| Subscription created/updated/deleted | Membership status changes |
| Invoice paid/failed | Recurring payment tracking |
| Charge refunded | Refund processing |
| Charge disputed | Dispute flagging |
Audit Trail
Section titled “Audit Trail”All billing operations are logged in MakerVera’s audit trail. This includes:
- Order creation, updates, and cancellations
- Donation recordings
- Gift card generation and redemption
- Webhook processing events (received, completed, failed)
- Data retention operations (what was anonymized and when)
Personal information in audit logs is automatically masked — email addresses appear as r***@example.com and names are redacted.
For Administrators
Section titled “For Administrators”Do I need to configure anything?
Section titled “Do I need to configure anything?”No. All payment security and data retention features are enabled by default. The system handles:
- Webhook signature verification (configured during Stripe Connect setup)
- Automatic PII cleanup on a nightly schedule
- Duplicate payment detection
- Failed transaction retry and alerting
Can I change retention periods?
Section titled “Can I change retention periods?”Retention periods are set at the platform level to ensure consistent compliance across all makerspaces. If you have specific compliance requirements (e.g., shorter retention for GDPR), contact MakerVera support.
What if a webhook fails?
Section titled “What if a webhook fails?”Failed webhooks are retried up to 3 times automatically. If all retries fail, the event is moved to a dead letter queue and an alert is triggered for the MakerVera operations team to investigate. No action is needed from makerspace administrators.