Card data stays with Stripe
If subscriptions are activated, hosted Checkout—not a FareSift form—collects payment details. The application is designed to store only limited Stripe identifiers and subscription state.
FareSift is designed to minimize sensitive data, keep card entry with Stripe, verify critical events, and make every assurance claim testable. Where independent validation is not complete, we say so.
The strongest control is often choosing not to receive the data in the first place.
If subscriptions are activated, hosted Checkout—not a FareSift form—collects payment details. The application is designed to store only limited Stripe identifiers and subscription state.
Protected account and billing actions use the platform-authenticated identity; the browser never declares its own account authority.
The beta does not request passport images, known-traveler numbers, card numbers, or health information.
Provider keys, webhook secrets, and email credentials are runtime secrets—not browser variables or database content.
When activated, a plan selection creates a server-owned purchase intent, an allowlisted Price ID is sent to Stripe, and the traveler is redirected to Stripe-hosted Checkout. Access can activate only after a signed, replay-limited webhook is durably recorded. Until the operator evidence gates pass, the beta records a no-charge plan selection instead.
Readiness means internal implementation work only. Examination, attestation, validation, and certification require the applicable qualified independent parties. The limited Spanish overview is published with external linguistic and legal review still pending.
Level 2 is the application-verification target, with selected higher-assurance controls for payments, administration, and future autonomous purchasing. This is not an OWASP certification, assessment result, or endorsement.
Web and API controls are mapped to the current Top 10:2025 and API Security Top 10:2023 awareness models, then verified against the deeper ASVS requirements.
Controls and evidence are being mapped to the AICPA Trust Services Criteria. FareSift has not undergone a CPA SOC 2 examination and has no Type I or Type II report.
The security program is being organized around a risk-based information-security management system, including Amendment 1:2024. FareSift has not completed a certification audit.
Stripe-hosted Checkout is the subscription-payment design. It can reduce the card-data boundary, but FareSift still must confirm its merchant scope and validation obligations with its acquirer or qualified adviser.
FareSift does not solicit PHI and its current operations are not intended to make it a covered entity or business associate. Applicability depends on legal and operational facts; HIPAA is not a certification.
Same-origin write enforcement, bounded JSON bodies, durable rate limits, strict outbound allowlists, and signed-webhook verification are part of the current code baseline. This list is not an independent assessment or a production-readiness determination.
FareSift correspondence identifies FareSift and Michai Media. Delivery remains disabled until the exact sending domain passes SPF, DKIM, and DMARC alignment, Reply-To reaches a monitored inbox, and the results are recorded.
Security reports can be submitted through the support channel published in our security.txt file. Do not include secrets, card data, or passport information.
FareSift has no SOC 2 report, is not ISO/IEC 27001 certified, does not claim an OWASP assessment or automatic PCI compliance, and does not treat HIPAA as a certification. Independent testing, audit evidence, merchant validation, legal review, and factual applicability remain explicit gates.