Payment Integrations¶

Payment processors handle sensitive financial data that requires careful compliance management. Dxtra integrations help you track payment processing activities, manage data subject rights for payment data, and maintain compliance with GDPR, CCPA, and PCI DSS requirements.

Why payment data needs privacy compliance¶

Payment processors collect personal data including:

• Credit and debit card information
• Billing addresses and customer identity
• Transaction history and amounts
• Payment methods and subscription details
• Customer authentication data

Financial data has special compliance requirements. Under GDPR Article 17(3)(e) and CCPA, financial records may have legitimate retention requirements for legal, accounting, or tax purposes. Dxtra helps you balance privacy rights with these legal obligations.

Supported payment platforms¶

Stripe¶

Status: Fully integrated Setup time: 10-15 minutes

Connect Stripe via webhook integration to automatically track customer records, payment intents, subscriptions, and invoices. Dxtra logs all payment events in your Processing Activity Log.

Go to Stripe Integration →

QuickBooks, Xero, NetSuite¶

Status: Custom integration or custom functions

These platforms are available through custom webhook integration or Dxtra's custom functions. Contact support@dxtra.ai to discuss setup for your accounting platform.

General integration approach¶

Payment integrations typically work through webhooks that send events to Dxtra whenever a payment activity occurs. The process is:

1. Get Your Credentials — Copy your Data Controller DID and API key from Dxtra settings
2. Configure Webhook — Add Dxtra's webhook endpoint in your payment processor
3. Select Events — Choose which payment events to send (customers, payments, subscriptions)
4. Verify — Send a test event and confirm data appears in Dxtra
5. Deploy — Activate the webhook and monitor the Processing Activity Log

Data privacy considerations¶

Payment data minimization¶

Dxtra does NOT store credit card numbers. Your payment processor handles card data securely. Dxtra tracks the fact that a payment occurred and the metadata (customer email, amount, date), not the card itself.

Financial record retention¶

Unlike personal data subject to deletion rights, financial records often must be retained for 3-7 years for tax, accounting, or legal compliance. When responding to deletion requests:

• Export the financial record for the customer
• Pseudonymize the data if possible
• Coordinate with your payment processor on retention policies
• Document the legal basis for any retention

Customer identification¶

Dxtra uses customer email or identifier to link payment events to data subjects. This enables you to respond to access and deletion requests by pulling all payment data associated with that customer.

Related documentation¶

• Stripe Integration — Complete setup guide for Stripe
• Custom Integrations — Build custom payment integrations
• Processing Activity Log — View tracked payment events
• Data Subject Rights — Handle data requests

Next steps¶

1. Choose your payment processor
2. Gather your Dxtra credentials (DID and API key)
3. Follow the processor-specific setup guide
4. Test with a sample payment event
5. Update your Data Processing documentation

Questions? Contact support@dxtra.ai or check the FAQ.