Skip to main content
🇨🇦 SavPay is Canadian-owned, bilingual, and approved in 24 hours.Voir en français →

COMPLIANCE & SECURITY

We're the ISO. The processors hold the certifications.

SavPay is a registered Moneris ISO and an authorized agent of Fiserv Canada and Nuvei. Card data, settlement, and regulatory compliance live with those processors — each one independently certified. Here's exactly how that works.

WHAT SAVPAY IS

Three relationships. All public. All verifiable.

Registered Moneris ISO

9499-8390 Québec Inc. is a registered Independent Sales Organization of Moneris Solutions Corporation, which itself acts on behalf of Royal Bank of Canada and Bank of Montreal. Listed in Moneris's partner registry.

Authorized Fiserv Canada Agent

Authorized to sell and support Clover hardware and Fiserv processing services in Canada. Activations and merchant accounts open under Fiserv Canada Ltd.'s acquiring relationships.

Authorized Nuvei Agent

Authorized partner for Nuvei's gateway, e-commerce, and recurring billing products. All gateway accounts live on Nuvei's infrastructure.

WHO HOLDS THE CERTIFICATIONS

Card-data certifications live with the processors.

SavPay does not independently hold PCI DSS, ISO 27001, SOC 2, or AMF supervision. The processors we represent do. When you transact through SavPay, your data is governed by their certifications — which is the most secure setup available, since they specialize in nothing else.

  • Moneris Solutions Corporation

    PCI DSS Level 1 · ISO 27001 · Canadian acquirer regulated by OSFI through RBC + BMO ownership.

  • Fiserv Canada Ltd. (Clover)

    PCI DSS Level 1 (Clover terminals + cloud) · publicly traded U.S. parent (NYSE: FI) subject to SOX + SEC disclosure.

  • Nuvei Corporation

    PCI DSS Level 1 · Canadian-headquartered gateway, regulatory disclosures available via SEDAR.

WHAT SAVPAY HANDLES DIRECTLY

What we actually control.

  • Merchant onboarding aligned with each processor's KYC + underwriting
  • Statement review and rate analysis (no card data involved)
  • Account-level CRM data (your business name, contact, monthly volume)
  • Equipment programming and shipping (Montréal office)
  • Bilingual support during business hours (transferred to processor 24/7 lines after hours)
  • Privacy-by-default: no raw card data stored, logged, or transmitted by SavPay

DATA HANDLING

Where your data lives.

Card and transaction data → processor

Every dollar you process flows directly through Moneris, Fiserv, or Nuvei. Raw PANs (card numbers), CVVs, and transaction details are tokenized and stored by the processor under their PCI environment. SavPay never sees, stores, or transmits raw card data.

Account-level data → SavPay (Canada)

Your business name, contact info, monthly volume, current processor, and support ticket history live in our HubSpot CRM (data centre region: North America). This is what your account manager uses to support you.

FAQ

Honest compliance questions.

Is my card data safe with SavPay?+
Yes. Card data never touches SavPay infrastructure. Every transaction is processed and stored by the underlying processor (Moneris, Clover, or Nuvei) — each of whom holds PCI DSS Level 1 certification. SavPay's role as the ISO is sales, support, and routing; we don't store, log, or transmit raw card numbers.
What exactly is SavPay's legal relationship with the processors?+
9499-8390 Québec Inc. (operating as SavPay) is a registered Independent Sales Organization (ISO) of Moneris Solutions Corporation — which itself acts on behalf of Royal Bank of Canada and Bank of Montreal — and an authorized agent of Fiserv Canada Ltd. and Nuvei Corporation. Those relationships are public and verifiable through each processor's partner directory.
Are you regulated?+
SavPay operates within the regulatory framework of the processors we represent. Moneris, Fiserv, and Nuvei each carry their own banking, payment-network, and provincial regulator relationships. SavPay's responsibility is to enforce their underwriting and KYC procedures during merchant onboarding.
Where do my transactions actually live?+
On the processor's infrastructure — not on SavPay's. Moneris transactions live on Moneris's Canadian data centres. Clover (Fiserv) and Nuvei use their own Canadian-hosted environments. SavPay holds account-level metadata only (your business name, contact, processor, monthly volume) so we can support you.
Where do I report a security concern?+
Email security@savpay.ca. We acknowledge within 1 business day. If the concern relates to your underlying processor's systems, we route it to the right team at Moneris / Fiserv / Nuvei. Responsible disclosure is welcomed and credited on request.

SECURITY DISCLOSURES

Found something? Tell us.

Responsible disclosure is welcomed and credited. Email security@savpay.ca. Acknowledgment within 1 business day; we route to the right processor team if it relates to their systems.

Email security@savpay.ca General Contact