Frequently asked.
Direct answers to the questions we get most often from engineers, founders, and procurement teams. If yours isn't here, send us a note.
The basics.
What is Paytone?
Paytone is a payment orchestration platform. We sit between your application and the payment providers, acquirers, and methods you use — and we give you a single API, dashboard, and control plane to manage all of them. Think of it as an operating layer for global payments that consolidates integration work, routing logic, and ops tooling in one place.
Who is Paytone for?
We're designed for digital businesses processing payments at meaningful scale — typically $1M+ in monthly volume, operating across more than one geography, or running into the limits of a single PSP. Common customers include subscription businesses, marketplaces, iGaming operators, travel companies, SaaS companies, and PSPs building their own white-labelled offering.
What does "orchestration" actually mean?
Orchestration means coordinating multiple underlying payment providers behind a single integration. You decide which provider handles which transaction based on cost, geography, approval rate, currency, or any other signal you care about — and you reroute on failure automatically. The result: better approval rates, lower processing costs, and the ability to swap providers without rewriting your integration.
Does Paytone replace my existing payment providers?
No. Paytone sits in front of providers like Stripe, Adyen, Checkout.com, and local acquirers — it doesn't replace them. You keep your existing contracts and processing relationships, and we add the orchestration layer on top. This is by design: we believe customers should pick the underlying providers that serve them best, not be locked into ours.
How is this different from a payment gateway?
A payment gateway typically connects you to a single acquirer and provides a checkout. Orchestration is a layer above that — it manages multiple gateways and providers, decides which one handles each transaction, and gives you visibility and control across the entire stack. If you're using more than one PSP, or thinking about adding one, orchestration is what stitches the experience together.
Building with Paytone.
How long does integration take?
Most technical teams have a sandbox transaction working within a day, a complete integration in a sprint, and live transactions inside a month. Time-to-live depends mostly on your internal review and procurement cycles, not on us — the API itself is intentionally small.
What languages and SDKs do you support?
We maintain first-party SDKs for Node.js/TypeScript, Python, Go, Ruby, PHP, and Java/Kotlin. The API itself is plain REST with a published OpenAPI specification, so if your stack isn't on that list you can generate a typed client in minutes. Curl works fine too.
Is there a sandbox?
Yes — and it runs the same code as production. The sandbox supports deterministic test cards, scripted failure modes, simulated provider downtime, and webhook tunneling to your localhost. Sandbox access is free and unlimited; no credit card or contract required to evaluate.
How reliable are your webhooks?
Webhooks are delivered with at-least-once semantics, signed with HMAC, and retried with exponential backoff for up to 72 hours. Every event has a stable type, an event ID for deduplication, and the full resource snapshot included. You can also replay any event from the last 30 days from the dashboard or API.
What happens if a provider goes down?
That's exactly the failure mode orchestration is designed for. If a configured provider becomes unhealthy, Paytone automatically reroutes new transactions to your defined fallbacks based on the rules you set — by geography, method, BIN, or whatever signal matters most. Customers see no disruption, and you get a notification with the relevant details.
Money matters.
How is your pricing structured?
We charge a platform fee — typically a small per-transaction amount that decreases with volume, plus an optional monthly platform fee for enterprise features. Processing fees stay with your underlying provider contracts; we don't add a markup on those. Pricing is transparent and quoted upfront once we understand your volume and use case.
Do you charge per transaction?
Yes, but at a fraction of a typical PSP fee — the platform fee is a thin layer on top of your underlying processing costs. For most customers, the savings from improved routing and approval rates more than cover our fee.
Is there a setup fee?
No setup fee for standard integrations. For white-label or custom infrastructure builds we sometimes charge an implementation fee that reflects the engineering work involved — but it's discussed and agreed upfront, never a surprise on the invoice.
Do you offer volume pricing?
Yes. Per-transaction pricing decreases meaningfully at higher volume tiers, and at enterprise scale we typically move to a custom commercial model. We're happy to share indicative pricing once we understand your monthly volume and growth curve.
The compliance questions.
How do you handle cardholder data?
Card PANs are tokenized at the network edge and never stored in your application environment. Only tightly scoped, isolated systems on our side ever process raw card data, and we work exclusively with established underlying providers for cardholder data handling. Control documentation is available to regulated counterparties under NDA.
How is data stored?
All data is encrypted at rest using AES-256 and in transit with TLS 1.2+. Sensitive fields receive additional envelope encryption with rotated keys. Region-scoped storage is available for customers with data-residency requirements — typically EU, UK, and other regional regions depending on your needs.
Are you GDPR compliant?
Data handling is GDPR-aligned across the platform. We sign data processing agreements with customers, support subject-access and erasure requests through documented workflows, and let you configure retention policies for both transactional and personal data. Our DPA is available on request.
How do you handle 3-D Secure?
3-D Secure 2 is supported across all card transactions, with smart routing of authentication challenges to maximize frictionless flows where the issuer permits. You can configure when to apply strong customer authentication based on amount, geography, risk score, or regulatory requirements like PSD2 SCA in the EU.
Didn't find an answer?
If your question isn't covered here, send a note to the team. We answer thoughtful questions thoughtfully — usually within one business day.