Security

How We Protect Your Data

Check Cherry is built on secure infrastructure with encryption, continuous backups, and strict access controls.

256-bit Encryption

Data in transit & at rest

PCI Compliant

Quarterly scans & audits

Continuous Backups

Disaster recovery

GDPR Compliant

Data rights honored

Infrastructure & Hosting

Enterprise-Grade Hosting

Check Cherry runs on Heroku, which operates on Amazon Web Services (AWS) infrastructure. Heroku maintains SOC 1, SOC 2, and SOC 3 compliance, providing enterprise-level security for our platform.

US-Based Data Storage

All customer data is stored in secure US data centers. Our infrastructure is designed for high availability with automatic failover capabilities.

Continuous Backups

Your data is continuously backed up to protect against infrastructure failures and disasters. Our backup systems ensure platform reliability and business continuity.

High Availability

Our infrastructure is designed for reliability with automatic scaling and redundancy. We monitor system health 24/7 to ensure Check Cherry is available when you need it.

Data Encryption

Encryption in Transit

All data transmitted between your browser and Check Cherry is encrypted using TLS 1.3 and TLS 1.2 (HTTPS). This includes login credentials, client information, payment details, and all API communications.

Encryption at Rest

Your data is encrypted at rest using AES-256 encryption. Even if someone gained physical access to our servers, your data would remain unreadable without the encryption keys.

TLS 1.3 & 1.2 for all connections
AES-256 database encryption
Secure cookie handling
HSTS enabled (2-year policy)
Regular security updates

Payment Security

We never store your clients' credit card numbers on our servers.

No Card Storage

Credit card numbers never touch our servers. All payment data is handled by PCI DSS Level 1 certified payment processors.

Tokenized Payments

When clients save a card, we only store a secure token. This token cannot be used to retrieve the actual card number.

Secure Payouts

Bank account and tax information (TINs) is stored securely with our payment processor, not in our database.

Quarterly PCI Scans

We perform quarterly PCI compliance scanning to meet Payment Card Industry security standards.

Privacy & GDPR Compliance

Data Export

You can export all your data at any time. We believe your data belongs to you, and you should always have access to it.

Right to Deletion

Request deletion of your account and personal data. We honor GDPR data subject requests in accordance with applicable regulations.

Data Processing Agreement

We offer Data Processing Agreements (DPAs) for customers who need them for GDPR compliance. Contact us to request one.

No Data Selling

We never sell your data to third parties. Your client information stays yours. Period.

Read our Privacy Policy View GDPR Details

Access Controls

Your Account Security

Check Cherry provides tools to help you keep your account secure. Control who has access to your business data with role-based permissions.

Role-based team permissions
Secure password requirements
Session management
Activity logging

Our Internal Security

We limit access to customer data to essential personnel only. Our small, US-based team follows strict security practices.

Limited employee data access
Access only for support purposes
Secure credential management
US-based team only

Questions about security?

We're happy to answer any questions about how we protect your data. Reach out anytime.

Contact Support Start Free Trial