COMPLIANCE & SECURITY
We're the ISO. The processors hold the certifications.
SavPay is a registered Moneris ISO and an authorized agent of Fiserv Canada and Nuvei. Card data, settlement, and regulatory compliance live with those processors — each one independently certified. Here's exactly how that works.
WHAT SAVPAY IS
Three relationships. All public. All verifiable.
Registered Moneris ISO
9499-8390 Québec Inc. is a registered Independent Sales Organization of Moneris Solutions Corporation, which itself acts on behalf of Royal Bank of Canada and Bank of Montreal. Listed in Moneris's partner registry.
Authorized Fiserv Canada Agent
Authorized to sell and support Clover hardware and Fiserv processing services in Canada. Activations and merchant accounts open under Fiserv Canada Ltd.'s acquiring relationships.
Authorized Nuvei Agent
Authorized partner for Nuvei's gateway, e-commerce, and recurring billing products. All gateway accounts live on Nuvei's infrastructure.
WHO HOLDS THE CERTIFICATIONS
Card-data certifications live with the processors.
SavPay does not independently hold PCI DSS, ISO 27001, SOC 2, or AMF supervision. The processors we represent do. When you transact through SavPay, your data is governed by their certifications — which is the most secure setup available, since they specialize in nothing else.
Moneris Solutions Corporation
PCI DSS Level 1 · ISO 27001 · Canadian acquirer regulated by OSFI through RBC + BMO ownership.
Fiserv Canada Ltd. (Clover)
PCI DSS Level 1 (Clover terminals + cloud) · publicly traded U.S. parent (NYSE: FI) subject to SOX + SEC disclosure.
Nuvei Corporation
PCI DSS Level 1 · Canadian-headquartered gateway, regulatory disclosures available via SEDAR.
WHAT SAVPAY HANDLES DIRECTLY
What we actually control.
- Merchant onboarding aligned with each processor's KYC + underwriting
- Statement review and rate analysis (no card data involved)
- Account-level CRM data (your business name, contact, monthly volume)
- Equipment programming and shipping (Montréal office)
- Bilingual support during business hours (transferred to processor 24/7 lines after hours)
- Privacy-by-default: no raw card data stored, logged, or transmitted by SavPay
DATA HANDLING
Where your data lives.
Card and transaction data → processor
Every dollar you process flows directly through Moneris, Fiserv, or Nuvei. Raw PANs (card numbers), CVVs, and transaction details are tokenized and stored by the processor under their PCI environment. SavPay never sees, stores, or transmits raw card data.
Account-level data → SavPay (Canada)
Your business name, contact info, monthly volume, current processor, and support ticket history live in our HubSpot CRM (data centre region: North America). This is what your account manager uses to support you.
FAQ
Honest compliance questions.
Is my card data safe with SavPay?+
What exactly is SavPay's legal relationship with the processors?+
Are you regulated?+
Where do my transactions actually live?+
Where do I report a security concern?+
SECURITY DISCLOSURES
Found something? Tell us.
Responsible disclosure is welcomed and credited. Email security@savpay.ca. Acknowledgment within 1 business day; we route to the right processor team if it relates to their systems.