Payments Security at HotDoc
HotDoc's Payments feature allows your practice to collect payments for appointments and accept online requests for repeat prescriptions, referrals, and medical certificates—once a payment method has been added. Your card details are never visible to HotDoc nor the practice, and we do not collect or store your card details. We use financial organisations Stripe, Pin Payments and Spreedly that we embed into our HotDoc platform to process payments and who are all Payment Card Industry - Data Security Standards (PCI-DSS) Level 1 certified.
When you add your debit or credit card details via HotDoc, Stripe helps protect against disputes and fraud by verifying your card information with the card network, which then checks it against their records. In some instances, you may be directed to complete an additional verification step with your bank, where you will need to enter a password or code sent to your mobile device, to confirm your identity with your card issuer.
Your card details are then stored securely with Spreedly, and we receive an anonymised 'token' from Spreedly. This token is then passed to your practice's payment provider Stripe or Pin Payments to process your payment. As a result your card details, CVV codes and data are never visible to HotDoc nor the practice, but you will see your payment method in your HotDoc account so that you can use this for future payments. If you choose to delete the stored card from your HotDoc account, this causes the token to be 'redacted' in Spreedly, which renders the token unusable for future charges.
If you would like to read more about how HotDoc handles security as well as your personal information, please view our security page and our privacy policy. To see how our financial providers handle security and privacy, please view the links below:
- Stripe Security / Stripe Privacy /
- Pin Payments Security / Pin Payments Privacy
- Spreedly Security / Spreedly Privacy
You can also check out our payment security FAQs for more information: