• Security

    Merchants trust us to run their subscription businesses. We take this very seriously. The protection of personal information, as well as the integrity, reliability and availability of service, are core to Limio's success. If you would like to receive a copy of our Information Security Policy, please reach out to security@limio.com.


    We’ve set up a dedicated email address for you to securely contact us about sensitive issues. Once we’ve received your email, we’ll work with you to fully understand the scope of the problem and keep you informed as we work on a solution. If you believe you have found a security vulnerability with Limio, please contact security@limio.com.

    PCI and SCA Compliance

    Payment security is one of the highest priority for Limio. Limio is PCI compliant and can provide its Attestation of Compliance (AoC) on request. For our Limio for Zuora product, we support Zuora Payment Pages 2.0 which passes sensitive payment data is transferred from the web browser directly to the Zuora server via HTTPS. No card information is transmitted on Limio servers or stored in Limio.


    Limio also supports Strong Customer Authentication (SCA), a rule in effect as of September 14, 2019, as part of PSD2 regulation in Europe. This regulation is the largest change to how European customers authenticate online card payments in the last decade. The user experience is different and requires an extra check with the customer's bank, similar to 3DSecure. Transactions that don’t follow the new authentication guidelines may be declined by your customers’ banks, which will impact conversion and retention rates of subscription businesses. If your provider does not support SCA, get in touch at hello@limio.com and we can arrange a migration for you.

    General Data Protection Regulation

    The General Data Protection Regulation (GDPR) is a European-wide law that replaces the Data Protection Act 1998 in the UK. It places greater obligations on how organisations handle personal data. It came into effect on 25 May 2018.


    As a merchant, you are usually the controller of your customers’ data. A controller is someone who collects customers’ data and decides how the data is processed. While GDPR is a regulation for entities based in the European Union, it may apply to your business if you sell goods and services in Europe or handle customer data of customers based in Europe, even if you don't have a presence in Europe.


    Limio is a data processor for your customers’ data. A processor processes personal information electronically, but merchants (the controllers) are responsible for deciding how the information is processed. Limio follows your instructions on how to handle personal data. For more details about the roles of data controller and processor, please see the ICO guidance. For information about Limio's obligations as a data processor for your customer data, please read our Privacy Policy.


    Limio understands that protecting your customer's personal data and your own is fundamental to our shared success. Our platform is GDPR-compliant, including features to view and control personal data, as well as technical measures to protect this data.


    While we help you to protect your customer's privacy, there are steps you must take on your own to be compliant with GDPR as a data controller. If you are a merchant based in the U.K., you may need to register and pay a fee to the ICO. You can check whether you do here. If you have legal questions specific to your obligations under the GDPR, then please consult with a local lawyer who is familiar with local data protections laws.

  • Any questions?

    Reach out to security@limio.com

    All Posts