A: Hey, thanks for the question.

HeySummit is hosted entirely on Amazon Web Services (AWS), which maintains rigorous security certifications including SOC 1, SOC 2, SOC 3, and ISO 27001. While HeySummit itself does not yet hold a standalone SOC 2 or ISO 27001 certification, we leverage the best-in-class infrastructure and follow industry best practices for data security and privacy.

Regarding the specific security measures in place to secure any Stripe or other payment methods connected: in the case of Stripe, this leverages OAuth connectivity, which is an industry-standard and secure way to manage tokens without providing or storing specific access keys or anything like that for the Stripe account. In that sense, you are well protected, and you can revoke access to HeySummit via your Stripe account at any time if needed.

With regard to PayPal (if you chose to use that as your payment provider), you do need to connect API keys, though we will encrypt these keys. Raw keys are never stored in our databases.

I hope this helps clarify, but please feel free to let me know if you have any further questions.