
Security & Trust

Identity verification, payment security, and dispute resolution

Last updated Jan 25, 2025 • 20 min read

Identity Verification

PayHeld uses multi-level identity verification to ensure trust and security for all users. The verification level required depends on your account activity and transaction volume.

Verification Levels

  1. Basic Verification
     Email and phone number verification
     Required for: Account creation • Transactions up to $1,000
  2. Standard Verification
     Government-issued ID verification via Stripe Identity
     Required for: Transactions $1,000 - $5,000
  3. Enhanced Verification
     ID verification + proof of address
     Required for: Transactions $5,000 - $25,000
  4. Full Verification
     Enhanced verification + source of funds documentation
     Required for: Transactions above $25,000

Automatic Verification Triggers

PayHeld automatically prompts for higher verification levels when:

  • Single transaction exceeds your current verification tier
  • Cumulative monthly transactions exceed $50,000
  • Suspicious activity or risk factors are detected
  • Regulatory compliance requirements apply

Stripe Identity Integration

PayHeld uses Stripe Identity for secure, streamlined identity verification. Stripe Identity is the same system used by companies like Lyft, Discord, and Substack to verify user identities.

How It Works

  1. Start Verification
     Click "Verify Identity" in your dashboard when prompted
  2. Choose Document Type
     Select passport, driver's license, or national ID card
  3. Take Photos
     Use your phone camera to capture front and back of ID
  4. Selfie Verification
     Take a selfie to confirm you match the ID photo
  5. Instant Results
     Most verifications are approved within minutes

Privacy & Data Protection

Encrypted Storage

All verification documents are encrypted at rest using AES-256 encryption

SOC 2 Certified

Stripe Identity is SOC 2 Type II certified for security and compliance

Limited Retention

Documents are automatically deleted after verification (unless required by law)

GDPR Compliant

Full compliance with GDPR, CCPA, and global privacy regulations

Payment Security

PayHeld processes all payments through Stripe, the world's most trusted payment platform. We never store credit card numbers or sensitive payment information on our servers.

PCI DSS Level 1 Compliance

Stripe maintains the highest level of payment industry security certification (PCI DSS Level 1). This means:

  • Your payment data is encrypted end-to-end
  • Card numbers are tokenized (replaced with secure tokens)
  • Annual third-party security audits are performed
  • Real-time fraud detection on every transaction

How Your Money is Protected

Data Encryption

PayHeld uses industry-standard encryption to protect your personal and financial data at rest and in transit.

Encryption at Rest

  • AES-256-GCM encryption for all sensitive data
  • Personally Identifiable Information (PII) encrypted field-by-field
  • Encryption keys managed through AWS KMS
  • Automatic key rotation for security

Encryption in Transit

  • TLS 1.3 for all connections
  • HTTPS enforced across entire platform
  • SSL certificates from trusted authorities
  • Perfect forward secrecy enabled

What Data is Encrypted?

  • Email addresses
  • Phone numbers
  • Physical addresses
  • Social Security Numbers (SSN)
  • Tax identification numbers
  • Bank account details
  • Identity verification documents
  • Payment tokens
  • API secrets and webhooks
  • Session cookies

Two-Factor Authentication (2FA)

Two-factor authentication adds an extra layer of security to your account by requiring both your password and a time-based code to log in.

2FA Step-Up for Sensitive Operations

Even if you're already logged in, certain sensitive operations require you to re-verify with 2FA:

  • Releasing secured payments
  • Processing refunds
  • Changing payout methods
  • Disabling 2FA
  • Deleting your account
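
A sketch of how a server can enforce this step-up rule with time-based codes, added here as an example and not PayHeld's own code. It assumes standard authenticator-app parameters (RFC 6238, HMAC-SHA1, 30-second steps), a ±1 step tolerance, a 5-minute freshness window, and hypothetical operation names and session fields.

```python
import hashlib
import hmac
import struct

STEP = 30              # seconds per time step (RFC 6238 default; assumed)
DIGITS = 6             # the 6-digit code shown by the authenticator app
STEP_UP_MAX_AGE = 300  # assumed: a 2FA check stays fresh for 5 minutes

# Hypothetical names for the operations listed above.
SENSITIVE_OPS = {"release_payment", "process_refund", "change_payout_method",
                 "disable_2fa", "delete_account"}


def hotp(secret: bytes, counter: int) -> str:
    """RFC 4226 code for one counter; TOTP uses counter = time // STEP."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)


def verify_totp(secret, code, now, last_used_counter, window=1):
    """Return the matched time step, or None. Rejects reused or older steps."""
    current = int(now) // STEP
    for counter in range(max(0, current - window), current + window + 1):
        if counter <= last_used_counter:
            continue  # replay protection: each time step is accepted once
        if hmac.compare_digest(hotp(secret, counter).encode(), code.encode()):
            return counter
    return None


def authorize(op, session, secret, now, code=None):
    """Gate one operation; session is a dict holding the user's 2FA state."""
    if op not in SENSITIVE_OPS:
        return "allowed"
    if code is not None:
        matched = verify_totp(secret, code, now, session["last_counter"])
        if matched is None:
            return "denied"
        session["last_counter"] = matched
        session["verified_at"] = now
    if now - session.get("verified_at", float("-inf")) <= STEP_UP_MAX_AGE:
        return "allowed"
    return "step_up_required"
```

Being logged in is not enough for the listed operations: without a recent, unused code the gate returns `step_up_required`, and a code that was already accepted is rejected if it is submitted again.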

Setting Up 2FA

  1. Install an authenticator app
     Download Google Authenticator, Authy, or 1Password on your phone
  2. Go to Settings → Security
     Click "Enable Two-Factor Authentication"
  3. Scan the QR code
     Use your authenticator app to scan the displayed QR code
  4. Enter the 6-digit code
     Confirm setup by entering the code from your app
  5. Save recovery codes
     Download and securely store your backup codes in case you lose access to your phone

Dispute Resolution Process

If you have a disagreement about project deliverables or payment, PayHeld's dispute resolution system provides a fair, transparent process to reach a resolution.

Dispute Stages

1. Direct Negotiation (3 days)

Both parties discuss the issue and attempt to reach a resolution. Messages are tracked in the dispute thread. Most disputes are resolved at this stage.

2. Evidence Submission (5 days)

Both parties submit evidence (project files, screenshots, communication logs). Each side can review the other's evidence and provide counter-evidence.

3. Admin Review (2-3 days)

PayHeld's dispute resolution team reviews all evidence and makes a fair decision. Decisions consider project requirements, deliverables, communication, and industry standards.

4. Resolution & Payment Release

Based on the decision, secured funds are released appropriately (full payment, partial payment, full refund, or split resolution). Both parties are notified with detailed reasoning.

What Makes a Strong Dispute Case?

For Clients

  • Clear project requirements documented upfront
  • Screenshots showing work doesn't match requirements
  • Communication logs showing unresponsiveness
  • Evidence of missed deadlines

For Freelancers

  • Delivered files matching original requirements
  • Communication logs showing responsiveness
  • Evidence of scope changes or unclear requirements
  • Proof of timely delivery

Payment Protection

PayHeld's payment protection system ensures both clients and freelancers are protected throughout the project lifecycle.

For Clients

  • Pay only when satisfied: Funds aren't released until you approve the work
  • Request revisions: Ask for changes before approving payment
  • Refund protection: Get your money back if work isn't delivered
  • Dispute resolution: Fair mediation if disagreements occur

For Freelancers

  • Guaranteed payment: Funds are secured before you start work
  • No payment delays: Money is already secured
  • Automatic release: Funds released after 7-day auto-approval period
  • Fair disputes: Protection against unreasonable refund requests

How Payment Protection Works

  1. Client pays upfront
     Payment is immediately secured with payment protection when project starts
  2. Freelancer delivers work
     Work is submitted through the platform with all deliverables
  3. Client reviews work
     Client has 7 days to review and either approve, request revisions, or open dispute
  4. Payment released
     Funds are released to freelancer after approval (or automatically after 7 days)

Fraud Prevention

PayHeld uses multiple layers of fraud detection and prevention to keep the platform safe for everyone.

Automated Detection

  • Real-time transaction risk scoring
  • Velocity checks (unusual payment patterns)
  • IP and device fingerprinting
  • Geolocation risk analysis
  • Machine learning fraud models

Manual Review

  • High-value transactions reviewed by team
  • Suspicious account activity investigation
  • User-reported fraud verification
  • Sanctions screening compliance
  • Account verification appeals

How to Protect Yourself

  • Never share your password or 2FA codes
  • Use strong, unique passwords
  • Enable two-factor authentication
  • Verify freelancer profiles before hiring
  • Don't accept off-platform payments
  • Report suspicious accounts immediately
  • Keep communication on PayHeld
  • Review all transactions regularly

Questions About Security?

If you have questions about security, privacy, or trust that aren't covered here, our support team is here to help.
