# ButlerPay — Full Content (LLM-readable) > This file contains the complete text content of all pages on butlerpay.eu in Markdown format. > For the short summary index, see: https://www.butlerpay.eu/llms.txt > Last updated: 2026-04-05 --- # ButlerPay — Homepage ## When trust is enough In some of the world's most prestigious boutiques, client card details are still written on paper and stored in a safe. ButlerPay provides a governed alternative. ## In practice ### The sale, upon decision With ButlerPay, payment is triggered as soon as the client expresses intent. No link. No friction. Because there is a bond of trust. The advisor acts on behalf of the client, in a clear, secure, and traceable framework. The product is reserved. The sale is engaged. ### Hand over, simply When the client passes by — or their driver arrives — there is nothing left to manage. The product is ready. Payment is done. Just hand it over. ### Try, freely Several pieces are sent. The sale is engaged upon dispatch. The client chooses. The rest is adjusted, cleanly, without complexity. Client freedom is preserved. The House remains protected. ## Payment, put back in its place ButlerPay does not remove payment. It removes the useless moment of payment. Because in luxury, trust is not an option. It is the starting point. ## Delegated payments, governed, integrated A client advisor can charge on behalf of a VIP with explicit consent, authorised human action, and audit-ready evidence. ## Clear Boundaries ButlerPay is not a payment provider, a checkout, a wallet, or a sales system. It is a governance framework for a specific VIP use case. - Not a PSP - Not a checkout - Not a wallet - Not a sales system ## Context In luxury, the relationship precedes the transaction. For the most valued clients, the Maison is expected to act — discreetly, later, on their behalf. That is legitimate. The question is how. ## As-Is to To-Be **Current reality (As-Is):** Paper consent, local storage, manual entry, audit-fragile evidence. **ButlerPay (To-Be):** Web onboarding + consent, secure card capture without boutique staff handling card data, authorised actions, notifications, audit trail. The problem is not the intent — it is the lack of framework. ## How It Works 1. **VIP onboarding** — Consent and secure card capture through web page or in-store terminal. 2. **In-store action** — Charge by authorised Client Advisor, refund by Store Manager (role scope). 3. **Evidence** — Traceability and notifications for key events. ## Governance Facts - Authority is defined by the Maison (roles, perimeters, policies). - Payment execution stays with the PSP; ButlerPay frames delegation. - Every critical action is explainable after the fact within defined access rules (who, when, for whom). ## Value by Audience **Maison:** Reduced sensitive practices (less paper / manual entry), formal delegation framework, and stronger control posture. **Boutique teams:** Operational continuity for clienteling with clear responsibilities. **VIP client:** Discretion preserved, less friction, transparent notifications. **IT and compliance:** Governed integration and audit-ready evidence without core-system replacement. ## Integration ButlerPay integrates into the Maison ecosystem. CRM, POS, and PSP remain unchanged. - CRM — client identity - POS — sale & invoice - PSP — execution & vault ## Functional Scope - Eligibility and assignment: CRM import, VIP selection, store and advisor scope assignment. - Onboarding: Web or terminal journey, explicit consent, no card data handled by boutique teams. - Operations: Charge, refund, approvals, and policy perimeters. - Controls: Role-based access control and scoped visibility by perimeter. - Evidence: Notifications, audit trail, and reconciliation-ready evidence. ## About ButlerPay ButlerPay formalises a practice that already exists. In many luxury Maisons, delegated payment is already a daily reality. A VIP client entrusts their Client Advisor with the authority to act on their behalf — reserving a piece, confirming a purchase, adjusting after a fitting. Yet the mechanisms supporting this trust are often fragile: paper consent forms, card details stored in safes, manual terminal entry at the moment of payment. ButlerPay was created to address this specific blind spot in retail operations. It provides a governed digital framework for in-store payment delegation, replacing sensitive paper-based practices with secure web onboarding, explicit consent capture, secure card capture without boutique staff handling card data, and role-based payment triggering — all within an auditable evidence trail. We are talking about a very small population — often only a few hundred clients per Maison per country — but with exceptional purchasing power and relationship value. The platform is designed around the principle that payment should never disrupt the client relationship. The moment of payment must remain invisible, discreet, and under control. ButlerPay achieves this by placing delegation governance and traceability between the Maison's existing systems — CRM for client identity, POS for sales and invoicing, PSP for payment execution — without replacing any of them. For Maisons operating across multiple countries and hundreds of boutiques, ButlerPay offers a compliance-ready posture: clear authorisation perimeters, role-scoped access, and audit-ready evidence that can be explained after the fact. For boutique teams, it preserves the clienteling gestures that define premium service while removing the operational friction and risk of manual processes. ButlerPay is a purpose-built SaaS platform for the governance needs of high-end retail. It is not a payment service provider, not a checkout solution, and not a consumer wallet. It is trust infrastructure. ButlerPay is a governed way to do what already happens — without local card storage, without fragile paper consent, and without losing the discretion expected in luxury service. --- # What is delegated payment in luxury retail? > URL: https://www.butlerpay.eu/what-is-delegated-payment/ Delegated payment is a governed practice where an authorised operator — a Client Advisor or Store Manager — triggers a card charge on behalf of a VIP client who has given prior consent. The client does not need to be present at the moment of payment. ## Why the practice exists In luxury retail, the relationship between a Maison and its most valued clients is built on continuity and trust. A VIP client does not shop in the same way as the general public. They have a dedicated advisor who knows their preferences, anticipates their needs, and acts — sometimes before the client has even seen the item. Consider a few common scenarios: - A piece is reserved during a trunk show. The client is travelling. The advisor confirms the purchase on their behalf and arranges delivery. - A wardrobe selection is sent to a client's home for fitting. The client keeps three pieces. The charge is applied to the agreed items after the return. - A client calls their advisor to buy a specific item before it sells out. The advisor acts immediately, confirms by message, and the client never visits the boutique. These are not edge cases. For the most valued clients — often only a few hundred per Maison per country, but with exceptional purchasing power — this is the expected mode of service. The Maison is trusted to act on their behalf. That is legitimate. ## Why current practices are fragile The problem is not the intent. The problem is how it is executed today. Across many luxury Maisons, delegated payment relies on practices that were designed for a pre-digital world: - Paper consent forms — The client signs a document authorising future charges. The form is stored in the boutique, sometimes in a safe. - Card details stored locally — A photo of the client's card, or the card number written by hand, kept in a file or a drawer at the boutique level. - Manual terminal entry — The advisor types the card number into the payment terminal at the moment of charging. The card is not physically present. The client is not present. Each of these practices creates exposure: - PCI DSS requires that card data not be stored in readable form outside of secure payment environments. - GDPR requires a documented legal basis for storing personal payment data. - Internal audit cannot easily reconstruct who charged what, on whose behalf, and under what authority. - Fraud risk is concentrated at the boutique level, where card data can be accessed without system controls. ## What a governed framework changes A governed delegated payment framework replaces fragile manual practices with a structured digital workflow — without changing the nature of the relationship. **Digital consent:** The VIP client gives explicit, recorded consent through a secure web journey. The consent is dated, documented, and stored in a way that can be retrieved for audit or dispute resolution. **Secure card capture — no staff handling:** Card details are entered by the client directly through the payment service provider's hosted page. No card number passes through the boutique's operational environment. No staff member sees or handles the card data. **Role-based authorisation:** Not every employee can initiate a charge. The Maison defines who can act, for which clients, within which perimeter. Authorisations are enforced by the platform. **Audit-ready evidence:** Every action — onboarding, charge, refund, notification — is logged with the operator identity, timestamp, client reference, and type of operation. **Client notification:** The VIP client is informed at each key step. This notification serves both as a transparency mechanism and as an additional layer of evidence. ## ButlerPay and delegated payment ButlerPay is the governance layer for this specific use case. It is not a payment service provider — payment execution stays with the Maison's existing PSP. It is not a checkout, a wallet, or a sales system. ButlerPay sits between these systems, adding the one layer they do not provide: a governed, traceable, auditable framework for delegated payment. --- # Frequently Asked Questions > URL: https://www.butlerpay.eu/faq/ ## About ButlerPay **What is ButlerPay?** ButlerPay is a SaaS platform that formalises delegated payment in luxury retail. It enables a Maison to authorise that a Client Advisor or Store Manager triggers a card charge on behalf of a VIP client, within a governed and traceable framework. **Is ButlerPay a payment service provider?** No. ButlerPay is not a PSP. Payment execution remains handled by the Maison's own payment service provider. ButlerPay governs the delegation — who can act, for which client, within what perimeter — and preserves the evidence trail. **Does ButlerPay replace CRM, POS, or PSP?** No. ButlerPay integrates into the Maison's existing ecosystem. CRM remains the source of truth for client identity, POS for sales and invoicing, and PSP for payment execution. ButlerPay adds a governance and traceability layer without replacing any core system. **Is ButlerPay a checkout or e-commerce solution?** No. ButlerPay is not a sales tunnel, a shopping cart, or a consumer-facing checkout. It covers a specific use case: governed delegated payment for VIP clients, initiated by an authorised operator in a boutique context. ## Who uses it **Who is ButlerPay designed for?** ButlerPay is designed for large luxury retail organisations operating across multiple countries, with a VIP client base selected by the Maison. These are typically a very small population of clients — often only a few hundred per Maison per country — but with exceptional purchasing power and high relationship value. **Who uses ButlerPay on a daily basis?** Store Managers and Client Advisors, according to authorisations defined by the Maison. Each user operates within a defined role and perimeter. **Does ButlerPay cover remote sales?** ButlerPay covers delegated payment initiated by a Client Advisor from a boutique, whether the client is physically present or not at the moment of payment. It is not a remote sales channel. **Is ButlerPay available internationally?** ButlerPay is designed for multi-country operations. Perimeters, roles, and governance rules can be configured by country, region, or store. ## Consent and data **How is consent managed?** Consent is obtained via the ButlerPay onboarding web page. The VIP client gives explicit acceptance of the delegated payment framework. Legal wording and policy are owned by the Maison. **Does ButlerPay handle card data?** No. Card data is captured securely through the payment service provider's hosted page. No card details are visible to boutique staff or stored by ButlerPay. **Does ButlerPay store personal data?** ButlerPay stores the data necessary for delegation operations: client name, email, phone, CRM identifier, and action logs. No card data is stored. The Maison is the data controller; ButlerPay acts as a data processor. ## Operations and risk **Why not just use Pay by Link?** Pay by Link is a payment collection mechanism. It does not manage operator permissions, consent lifecycle, delegation policies, or structured traceability. ButlerPay can use Pay by Link as one of its execution modes, but Pay by Link alone does not provide a governance framework. **How does ButlerPay handle fraud risk?** Onboarding links are generated by authorised operators for identified clients only. Every operation is tied to an identified operator, a specific client, and a traceable event. **How does ButlerPay integrate with existing systems?** ButlerPay connects to the Maison's CRM for client data, references sales recorded in the POS, and triggers payment operations through the Maison's PSP. No core system is replaced. --- # Glossary — Key Terms > URL: https://www.butlerpay.eu/glossary/ ## Core concepts **Delegated payment:** The capability given by a VIP client to a Maison for an authorised operator to trigger a card charge on their behalf, within a defined and governed framework. **Payment on behalf:** An operation where an authorised person — typically a Client Advisor or Store Manager — initiates a payment for a client who has given prior consent. **Governed framework:** The combination of rules, permissions, roles, and evidence that ensures delegated payment is operated in a controlled, traceable, and auditable manner. **Traceability:** The ability to reconstruct who initiated an action, when it occurred, on behalf of which client, and what type of operation was performed. **Auditability:** The capacity to explain any delegated payment operation after the fact, based on logged evidence, within access rules defined by the Maison. ## Actors **Maison:** The organisation — brand or retail entity — that is a client of ButlerPay. The Maison owns the VIP policy, defines governance rules, and controls in-store usage of delegated payment. **VIP client:** An end client selected by the Maison as eligible for delegated payment. This is typically a very small population — often only a few hundred per country — with exceptional purchasing power and high relationship value. **Client Advisor:** The in-store advisor who serves as the primary operational actor of clienteling. Within the ButlerPay framework, a Client Advisor can trigger a payment on behalf of a VIP client, if authorised. **Store Manager:** The boutique manager who supervises usage and performs certain privileged operations — such as refunds — according to the framework defined by the Maison. ## Consent and evidence **Onboarding:** The ButlerPay web journey through which a VIP client completes enrolment and gives explicit consent for delegated payment. The client registers their card securely during this process, without staff handling card data. **Consent:** The VIP client's explicit acceptance of the delegated payment framework, captured via the ButlerPay onboarding page. **Consent evidence:** The recorded proof that a client has given their consent to delegated payment, including the date, channel, and conditions under which consent was captured. **Client notification:** Information sent to the VIP client — by email or SMS — to inform them of a key event in their journey. ## Governance and access **Perimeter:** The usage boundaries — country, store, team, role, or threshold — within which an operator is authorised to act. **Authorisation:** An access rule that determines who can initiate which type of operation for which clients, within which perimeter. ## Integration terms **CRM:** The Maison's client relationship management system. Source of truth for client identity and relationship data. **POS:** The Maison's point-of-sale system. Source of truth for sales, invoicing, and product lines. **PSP:** The Maison's payment service provider. Source of truth for payment execution, card vault, and settlement. **Reconciliation:** The process of matching delegated payment transactions with corresponding sales records in the POS. --- # Security & Compliance > URL: https://www.butlerpay.eu/security/ ButlerPay is designed to address a sensitive use case — delegated payment for VIP clients — within a controlled framework that reduces risky practices and strengthens operational traceability. ## Design principles **Functional discretion:** The boutique experience remains fluid. Payment delegation operates in the background, without disrupting the client relationship. **Legitimate human authority:** Every action is performed by an authorised operator according to the Maison's policy. **Control and governance:** Authorisation rules and usage perimeters are defined by the Maison. ButlerPay enforces and documents their application. **Traceability without suspicion:** Actions are explainable after the fact. The goal is auditability — not surveillance. **Non-invasive integration:** ButlerPay sits between the Maison's CRM, POS, and PSP without replacing any of them. ## Responsibility framework **The Maison:** Defines VIP policy, usage governance, authorisation rules, and internal procedures. Responsible for client identification, dispute management, and boutique-level operational policies. **ButlerPay:** Provides the SaaS platform, logs usage and evidence, and delivers the operational tooling for governed delegation. Acts as a data processor under the Maison's authority. **The PSP:** Handles payment execution and card vault. No card data is stored by ButlerPay or handled by boutique staff. **The POS:** Remains the source of truth for sales, invoicing, and product lines. **The CRM:** Remains the source of truth for client identity and relationship data. ## What ButlerPay traces Every critical action is logged with: who initiated it (operator identity and role), when it occurred, on behalf of which client, what type of action was performed, and references for correlation with the Maison's ecosystem. ## Card data handling ButlerPay does not store, process, or transmit card data. Card details are captured through the PSP's hosted page — the client enters their information directly, without staff involvement. No card number (PAN) transits through the ButlerPay platform. ## Consent Consent is obtained via the ButlerPay onboarding web page. The VIP client gives explicit acceptance before any operation can be performed on their behalf. The legal framework is owned and defined by the Maison. ## Personal data ButlerPay stores: client name, email, telephone, CRM identifier, and action logs. No card data. The Maison is the data controller. A Data Processing Agreement is part of the standard contractual framework. ## What ButlerPay does not do - ButlerPay is not a payment service provider. - ButlerPay is not a checkout or e-commerce solution. - ButlerPay is not a consumer wallet. - ButlerPay does not perform identity verification (KYC). - ButlerPay does not make public commitments on functionalities not formalised with a specific Maison. --- *ButlerPay — Governed delegated payments for luxury retail.* *Contact: butlerpay@tmoc.eu* *Website: https://www.butlerpay.eu*