Security and Payment Compliance

Kaylee & Co. uses a controlled commerce application operated by Kaylee Retail LLC for order, payment status, and reconciliation workflows.

Payment data handling

The app does not store full card numbers, CVV, or full bank account details. Payment credentials are handled by approved payment services. When Intuit Payments is configured, payment services are provided by Intuit Payments Inc. Receipts include amount, order reference, payment status, and transaction reference when available.

Intuit API security

OAuth refresh tokens are encrypted at rest. Access tokens are kept only in short-lived server memory and refreshed when needed. Client secrets are stored in server environment configuration and are not exposed to browser code.

Fraud controls

Checkout supports reCAPTCHA configuration for automated abuse prevention. Orders may be held for manual review, cancelled, voided, or refunded when payment or fraud checks require action.

Logging

The app records non-sensitive API troubleshooting logs, including timestamp, endpoint context, event type, and Intuit transaction IDs where available. Sensitive payment credentials and OAuth secrets are not logged.

Support

Customers and administrators can contact support@subpl.us for order, receipt, payment status, refund, or connection support.