MapleDeploy keeps your application data, databases, and server configurations on Canadian infrastructure. But our payment processing goes through Stripe, a US company.
We tried to go fully Canadian. Here's why we couldn't, what it means for your data, and what we offer as an alternative.
Why not a Canadian processor?
We wanted to use Helcim, a Calgary-based payment processor with interchange-plus pricing and a genuinely good API. But Helcim's acceptable use policy classifies "website hosting" as a prohibited business category when it's the sole service offering, and as a restricted category when it's part of a larger offering. MapleDeploy sells managed hosting, so we were cut off.
The reasoning makes sense at a portfolio level. Hosting has historically carried higher chargeback rates and abuse potential, so processors classify the whole category as risky. But it creates a frustrating catch-22: we built a business specifically to keep Canadian data on Canadian infrastructure, and the Canadian payment processor won't take our money. So the payment data goes to the US instead.
We'd like to revisit this with Helcim as we build a track record. They do have a review process for restricted categories.
Why Stripe
So we went with Stripe. Here's what it gets us:
- PCI Level 1 compliant. No card data touches our servers. Customers complete payment on Stripe's hosted checkout page.
- Subscription lifecycle management. Automated billing, dunning for failed payments, and self-service customer portal for card updates and invoice viewing.
- Extensive documentation and SDK. Critical for a small team shipping quickly.
- Webhook coverage. Every billing event we need is covered, from trial endings to payment failures to cancellations.
What this means for your data
Stripe is a US-headquartered company. Payment data (card details, billing address, transaction history) is processed in US data centers. This means payment data is subject to US jurisdiction, including potential access by US courts, law enforcement, or national security authorities.
PIPEDA does not require personal data to remain in Canada. The OPC's guidance on cross-border transfers allows organizations to transfer personal information for processing, provided they ensure comparable protection and remain accountable for the data.
It's a real tradeoff, and we'd rather be upfront about it than bury it in a privacy policy.
Your application data, databases, and server configurations never leave Canada. Payment data is the only category that crosses the border, handled by a PCI Level 1 certified processor.
We accept Interac e-Transfer
For customers who prefer to keep payments within Canadian banking infrastructure, we accept Interac e-Transfer. Interac is a Canadian interbank network, and e-Transfer transactions are processed domestically between Canadian financial institutions.
E-transfer payments are handled manually. You'll receive a monthly invoice and send payment directly. There's no automated billing or self-service portal for this option. Contact us at hello@mapledeploy.ca to arrange e-transfer billing.
Looking ahead
This isn't unique to us. Canadian payment processors exist, but the ones with mature APIs either classify hosting as restricted or don't offer the subscription lifecycle tooling we need. We didn't want to compromise on either, so we offer both: Stripe for automated billing, and Interac e-Transfer for customers who want payments to stay in Canada.
We'd switch to a Canadian processor tomorrow if one would have us. If you know of one that serves managed hosting companies with mature subscription APIs, we're at hello@mapledeploy.ca. Until then, Stripe handles payments, and everything else stays in Canada.
Our full list of service providers is on our sub-processors page.