Security & compliance are the foundation, not a feature
Your card data sits on a PCI Level 1 compliant base built on Basis Theory — plaintext PANs never touch your servers. We carry the heaviest part of compliance at the base, so you collect faster and more steadily.
Base compliance (via Basis Theory)
The card vault is built on Basis Theory, whose platform holds:
PCI DSS Level 1
SOC 2 Type II
ISO 27001
HIPAA
Note: the above are the base's (Basis Theory's) certifications. KeepPay's vault runs on that compliant base, so plaintext PANs never enter KeepPay or your own environment.
What KeepPay does for security
Tokenize on capture
The card is tokenized in the user’s browser, never touching your front or back end.
No plaintext at rest
Your systems, logs, and database hold only tokens — no plaintext PANs.
Shrink your PCI scope
Because plaintext never passes through your environment, your PCI scope shrinks dramatically.
Encryption in transit & at rest
Data is encrypted end to end.
Data residency / private deployment
Choose where data lives per regional rules; Enterprise supports private deployment.
Least privilege & audit
Controlled admin access with action logging.
Specific compliance or data-residency requirements?
We'll tailor a plan to your region and scenario.