This page describes the current product posture as implemented and operated today. It is meant to clarify boundaries, not to imply a certification, guarantee, or compliance opinion.
Where the configured flow uses Stripe-hosted surfaces, payment method collection stays on Stripe rather than inside FlowSaver-controlled forms.
Stripe accounts are linked through Stripe Connect OAuth. FlowSaver works with the access granted by that connection instead of asking merchants to paste a Stripe secret key into the app.
FlowSaver stores the local identifiers and workflow state needed to coordinate billing operations, recovery, and audit visibility. Raw card numbers are not stored by FlowSaver.
The product keeps local audit and activity records for workspace changes and workflow execution so merchants can review what the app attempted and when.
When legacy widget fallback paths are used, merchants can configure which origins are allowed to load that surface.
FlowSaver coordinates workflow logic around Stripe. It does not replace Stripe's settlement, card-data handling, dispute tools, or payment account controls.
What Stripe remains responsible for, and what FlowSaver actually does.
If you need architecture clarifications, pilot security answers, or want to report a suspected issue, contact the team directly. This page should stay aligned with real product behavior.
Contact FlowSaver