Our Data Portability Terms and Conditions

Braintree supports Credit Card Data Portability and will provide customers with all the Sensitive Data they've processed and or stored.

Process of Transferring Data:

• Step 1 - Demonstrate attestation of PCI Compliance from a qualified provider.
• Step 2 - We will request a public encryption key (from the merchant or receiving Service Provider). We will use the public key to encrypt the Sensitive Data and then transmit it via SFTP, SCP, or FTP over SSL.

To generate a private and public key:
openssl genrsa -out private.key 4096
openssl rsa -in private.key -out public.key -pubout

Braintree will need the public.key file. It is the responsibility of the merchant or receiving service provider to protect the private key file in accordance with the PCI DSS. Braintree will verify the authenticity of the public key before using it for encryption.

Fees

None.

Time frame

10-15 business days after receiving the attestation of compliance and public key.