Skip to main content

How Stripe payments work in the portal

The portal uses Stripe for all payment processing. Artisan Lab never stores full card numbers; we keep only a Stripe token (a reference) plus the last 4 digits for your records.

Three billing policies

Each organization is on one of:

Prepay

  • At case submission: Stripe places an authorization hold on your default card for the estimated case total. This reserves the funds but doesn't take them.
  • When the case ships: the authorization is captured — money moves from your bank to ours.
  • If the case is cancelled: the authorization is released — funds return to your card immediately, no charge.
  • Authorization lifetime: 7 days. If the case isn't shipped (or cancelled) within 7 days, the auth expires and a new one is created at ship time.

Autopay

  • At case submission: nothing.
  • When the case ships: automatic capture charges your default card for the final amount.
  • If the card fails: case still ships; you'll get a "payment failed" notification and an invoice you can pay manually.

Net terms

  • At case submission: nothing.
  • When the case is delivered: an invoice is generated.
  • You pay: within your agreed terms (typically Net 30 or Net 60) by clicking Pay now on the invoice.
  • Past-due: reminder emails at 30/60/90 days overdue; account paused at 90+ days.

What you see

  • Cards on file — managed at Payment methods
  • Charges — receipts emailed by Stripe; also visible per-invoice in the portal
  • Disputes — if you initiate a chargeback through your card issuer, Stripe notifies us; we'll reach out within 1 business day

What we see

  • The Stripe token + last 4 + expiration of cards you've added
  • Charge and refund history per invoice
  • Dispute notifications (we track these in our billing dashboard for follow-up)
  • NOT: full card numbers, CVCs, your bank balance

PCI compliance

Card data flows directly from your browser to Stripe via Stripe Elements. Our backend never touches it. This puts us in PCI SAQ-A scope — the easiest compliance tier — and protects you from card-data breach risk on our side.

Testing (for ourselves, in dev only)

Stripe test cards work only against our development backend (not prod). The most common is 4242 4242 4242 4242 with any future expiry and any CVC. We never use test cards in production.

See also