Security & Compliance

ButlerPay is designed to address a sensitive use case — delegated payment for VIP clients — within a controlled framework that reduces risky practices and strengthens operational traceability.

Design principles

Functional discretion

The boutique experience remains fluid. ButlerPay does not add a sales tunnel or a consumer-facing checkout. Payment delegation operates in the background, without disrupting the client relationship.

Legitimate human authority

Every action is performed by an authorised operator — Client Advisor or Store Manager — according to the Maison's policy. The tool supports human decision-making; it does not replace it.

Control and governance

Authorisation rules and usage perimeters are defined by the Maison. ButlerPay enforces these rules and documents their application.

Traceability without suspicion

Actions are explainable after the fact. The goal is auditability — the ability to answer questions when they arise — not surveillance. Traceability serves governance, not distrust.

Non-invasive integration

ButlerPay sits between the Maison's CRM, POS, and PSP without replacing any of them. Core systems remain unchanged.

Responsibility framework

Each actor in the ecosystem has a clear role.

The Maison

Defines VIP policy, usage governance, authorisation rules, and internal procedures. The Maison is responsible for client identification, dispute management, and boutique-level operational policies.

ButlerPay

Provides the SaaS platform, logs usage and evidence, and delivers the operational tooling for governed delegation. ButlerPay acts as a data processor under the Maison's authority.

The PSP

Handles payment execution and the card vault. No card data is stored by ButlerPay or handled by boutique staff.

The POS

Remains the source of truth for sales, invoicing, and product lines.

The CRM

Remains the source of truth for client identity and relationship data.

What ButlerPay traces

Every critical action within the platform is logged with the following elements:

  • Who initiated the action (operator identity and role)
  • When the action occurred
  • On behalf of which client
  • What type of action was performed (onboarding, payment, refund, notification)
  • References for correlation with the Maison's ecosystem (PSP, POS, CRM), according to the defined integration scope

This evidence is designed to be audit-ready: explainable, structured, and accessible within defined access rules.

Card data handling

ButlerPay does not store, process, or transmit card data. Card details are captured through the PSP's hosted page — the client enters their information directly, without staff involvement. ButlerPay operates with references to secured tokens managed by the Maison's PSP.

No card number (PAN) transits through the ButlerPay platform or through the boutique's operational environment.

For questions about card data and fraud risk, see also the FAQ.

Consent

Consent is obtained via the ButlerPay onboarding web page. The VIP client gives explicit acceptance of the delegated payment framework before any operation can be performed on their behalf.

The legal framework — wording, scope, and retention policy — is owned and defined by the Maison. ButlerPay captures and preserves the consent evidence.

Personal data

ButlerPay stores only the data strictly necessary for delegation: client identity, contact details, and action logs. The Maison is the data controller; ButlerPay acts as a data processor under a standard Data Processing Agreement.

Client notifications

Notifications — by email or SMS — inform the VIP client of key events: onboarding confirmation, payment, refund, or other actions performed on their behalf. Notifications serve as both a transparency mechanism and an additional layer of evidence.

Notification policy — content, frequency, and exceptions — is the Maison's responsibility.

What ButlerPay does not do

  • ButlerPay is not a payment service provider.
  • ButlerPay is not a checkout or e-commerce solution.
  • ButlerPay is not a consumer wallet.
  • ButlerPay does not perform identity verification (KYC).
  • ButlerPay does not make public commitments on functionalities that have not been formalised with a specific Maison.

For more questions, see the FAQ or the Glossary.
