Fulfillment Policy:

Effective Date: January 2024

Transaction Fulfillment Security

We are PCI DSS v4.0 compliant. All credit cards are processed safely and secure through Syncro's Stripe Payment API integration with HTTPS Level Security. (www.stripe.com) All credit card / debit card : VISA, MC, AMEX, DISCOVER data entered through the payment form is securely sent directly through Stripe‘s private encrypted servers. Doing this further protects your personal and private information. Syncro's customer portal also has redundant SSL for Authentication and Secure Encryption of all website data embedded at the domain and server level. Additionally, in order to further protect your sensitive information, we don’t sell or distribute your ANY personal to ANY third parties.

From the Stripe Security Policy:

A PCI-certified auditor evaluated Stripe and certified us to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. This audit includes both Stripe’s Card Data Vault (CDV) and the secure software development of our integration code.

We provide our users with features to automate some aspects of PCI compliance.

• We analyze the user’s integration method and dynamically inform them of which PCI validation form to use.

• If a user integrates with Stripe Elements, Checkout, Terminal SDKs, or our mobile libraries, we provide assistance in completing their PCI validation form (Self-Assessment Questionnaire A) in the Dashboard.

• We publish a PCI Compliance Guide to help educate our users about PCI compliance and how Stripe can help.

System and Organization Controls (SOC) reports

Stripe’s systems, processes, and controls are regularly audited as part of our SOC 1 and SOC 2 compliance programs. SOC 1 and SOC 2 Type II reports are produced annually and can be provided upon request.

The Auditing Standards Board of the American Institute of Certified Public Accountants’ (AICPA) Trust Service Criteria (TSC) developed the SOC 3 report. Stripe’s SOC 3 is a public report of internal controls over security, availability, and confidentiality. View our recent SOC 3 report.

NIST Cybersecurity Framework

Stripe’s suite of information security policies and their overarching design are aligned with the NIST Cybersecurity Framework. Our security practices meet the standards of our enterprise customers who must provide secure products like on-demand cloud computing and storage platforms (for example, DigitalOcean and Slack).

Privacy and data protection

We continuously implement evolving privacy and data protection processes, procedures, and best practices under all applicable privacy and data protection regimes. For more information, see the following resources:

• Privacy policy

• Privacy center

• Data processing Agreement

HTTPS and HSTS for secure connections

We mandate the use of HTTPS for all services using TLS (SSL), including our public website and the Dashboard. We regularly audit the details of our implementation, including the certificates we serve, the certificate authorities we use, and the ciphers we support. We use HSTS to make sure that browsers interact with Stripe only over HTTPS. Stripe is also on the HSTS preloaded lists for all modern major browsers.

All server-to-sever communication is encrypted using mutual transport layer security (mTLS) and Stripe has dedicated PGP keys for users to encrypt communications with Stripe, or verify signed messages they receive from Stripe. Our systems automatically block requests made using older, less secure versions of TLS, requiring use of at least TLS 1.2.

The stripe.com domain, including the Dashboard and API subdomains, are on the top domains list for Chrome, providing extra protection against homoglyph attacks. This makes it harder to create fake pages that look like stripe.com in Chrome (for example, strípe.com), which renders as punycode (xn–strpe-1sa.com), in turn making it harder for Stripe credentials to be phished.

Refund Policy

Due to the nature of consulting and professional services rendered, it is the sole responsibility of the customer to review all of the agreement policies and services. Please inspect all deliverable items carefully before purchasing. All sales are final.

Dispute Resolution:
In case of any disputes or disagreements between clients and Easy Outsource contractors, both parties are encouraged to resolve the matter through open communication.Easy Outsource may intervene in the dispute resolution process to facilitate a fair and equitable solution.

Currency Information:

All transactions are conducted in USD (United States Dollar). Currency conversion rates are dependent on the client’s location and determined by Stripe's payment system.