🔒 Payment Security & Terms

← Back to Flash Clean home · On-page summary

How Your Payment Is Protected

Flash Clean uses Stripe, a PCI DSS Level 1 certified payment provider, to process all card payments. Your card details are handled directly by Stripe over encrypted connections and are never stored on our servers.

Card Data & Encryption

Card numbers and CVC are entered via Stripe.js and sent straight to Stripe over HTTPS.
Our systems never see or store your full card number or CVC.
Subsequent charges use Stripe tokens (PaymentIntent IDs), not raw card data.

Authorisation & Capture

Your card is authorised when you book; payment is only captured after your clean is completed.
We verify the payment status directly with Stripe before treating your booking as paid.

Additional Security Controls

Stripe webhooks are signed and validated to prevent tampering or duplicate processing.
Payment status is verified directly with Stripe before a booking is treated as paid.
Operational credentials are stored securely in environment variables, not public code.