Payment security

Most important point: no card numbers ever touch NoCode.shop servers. When your customer enters card info, it goes straight to Stripe via an embedded form (Stripe Elements).

NoCode.shop only gets a payment confirmation and a transaction ID. Card data stays exclusively with Stripe.

Stripe is certified PCI DSS Level 1, the highest compliance level in the payment industry. Covers collection, processing, and storage of card data.

By using Stripe, you get this compliance without managing it yourself. Zero PCI DSS steps on your end.

All NoCode.shop pages (dashboard, sales pages, checkout) are served over HTTPS with a valid SSL certificate. Data between your customer’s browser and our servers is encrypted.

European regulation (PSD2) requires strong customer authentication (SCA) for online payments. Your customer may get an extra verification step (bank notification, SMS code) during payment.

Stripe handles 3D Secure automatically when the customer’s bank requires it. Nothing to configure on the NoCode.shop side.

For SEPA direct debits, GoCardless manages mandate creation and storage. Customer signs an electronic mandate on first payment. GoCardless stores it per SEPA scheme rules.

NoCode.shop is hosted on Meteor Galaxy EU West 1 (Ireland). Your business data (orders, customers, products) is stored in the EU. Payment data is held by Stripe and GoCardless, who also have European infrastructure.