Organization Payment Method
An organization can hold its own payment method, completely separate from any admin’s personal card. This card is what Stripe charges for org-attributed usage once the organization’s prepaid credit balance runs out, and before falling through to any individual member’s personal credits or card.
The org card lives on the organization — not on the admin who set it up — so it survives admin turnover. If the admin who originally added the card later leaves or is demoted, the card stays attached to the org until another admin updates or removes it.
Who can manage it
Section titled “Who can manage it”Only organization admins can add, update, or remove the org payment method. Regular members never see the org card form.
How the org card fits into billing
Section titled “How the org card fits into billing”When an org member’s compute or storage is billed, Carolina Cloud walks the following chain:
- The organization’s prepaid credit balance (if the member belongs to an org).
- The organization’s card on file (this page).
- The member’s personal trial credits.
- The member’s personal Stripe card on file.
Both org-side sources (credits + card) are exhausted before any member-side source is touched. That means:
- Members without a personal card never get surprise-billed — once org credits, the org card, and any personal trial credits are exhausted, their instances stop running.
- Members with a personal card stay running, but their card only sees charges after the org has fully drained its credits and its card.
- The org card never charges for usage that wasn’t already attributed to the org — it never picks up the tab for a member who isn’t part of the organization.
- Member personal trial credits are preserved while the org is paying. A member who joins an org doesn’t have to “give up” their free-trial balance — it stays intact and is only touched once both org-side sources are gone.
Org-owned storage (a shared bucket the org owns directly, not any member’s personal bucket) has no member to fall back to, so its cascade is shorter: org credits → org card → unbillable. The bucket is never auto-deleted by billing — when both org sources are dry, the storage interval is logged as unbillable and admins resolve it manually.
Adding the org card
Section titled “Adding the org card”- Go to Usage & Billing → My Organization in the dashboard.
- Scroll to Org billing → Payment method.
- Click Add Payment Method.
- Fill out the Stripe card form (same flow as the personal card).
- The card is verified immediately and is now attached to the organization.
The Stripe customer for your org is created on first add and reused on every subsequent update. The Stripe customer’s email is set to the owner’s email (the user who originally created the org) — see Owner is the billing contact below.
Updating or removing it
Section titled “Updating or removing it”From the same Org billing → Payment method section:
- Update Payment Method: walks you through the same Stripe form. The new card replaces the previous one and the previous card is detached from Stripe.
- Remove: detaches the card and cancels the org’s Stripe subscription. Org-attributed charges fall back to each member’s personal credits (then their personal card). No grace period — removal is immediate.
Removing the org card does not affect:
- The organization’s prepaid credit balance.
- Member personal cards or personal trial credits.
- Any member’s running instances (they keep running and bill to the next-available source in the chain).
If the org card is declined on a given billing tick (expired card, insufficient funds, etc.), that interval simply fails and is retried on the next billing tick. Billing does not fall through to the member’s personal card within the same tick — the next-source fallback only happens once the org card is fully removed or never existed in the first place.
Owner is the billing contact
Section titled “Owner is the billing contact”The org’s Stripe Customer is created with the owner’s email at the time the first card is added. This is significant because:
- Stripe-generated receipts, invoice notifications, and dispute correspondence all go to the owner’s email.
- Ownership cannot be transferred — the owner is set at org creation and is never reassigned. Promoting another admin doesn’t move the billing-contact role.
- Because the owner is immutable, the Stripe Customer’s email never goes stale through admin-rotation.
The only way the Stripe-side email can drift is if the owner changes their own Carolina Cloud account email — in that case, the Stripe Customer email stays at the original value until the next time the org card is updated or recreated.
Separate from your personal card
Section titled “Separate from your personal card”If you are an admin who has also added a personal card to your own account, the two cards are entirely independent. Stripe sees them as two different customers:
- Your personal Stripe customer is billed for your personal usage (and only after both org-side sources are exhausted).
- The organization’s Stripe customer is billed for org-attributed usage between org credits and any member’s personal card.
You can have either, both, or neither. There is no requirement to add a personal card before adding an org card, or vice versa. The two customers carry distinct Stripe metadata — the org customer is tagged with org_id and org_name so it’s distinguishable in the Stripe dashboard.
Audit trail
Section titled “Audit trail”Every org card lifecycle event emits a structured audit record to the billing audit stream (see the platform’s compliance log pipeline):
| Event | When |
|---|---|
billing.card_setup_initiated | An admin starts the add-card flow (Stripe SetupIntent created) |
billing.card_added | The SetupIntent verifies and the card is attached to the org |
billing.card_removed | An admin removes the org card and the org subscription is cancelled |
Each event records the acting admin, the target org (id + name), the Stripe Customer / Payment Method IDs touched, and the request context. Failures (e.g., Stripe declines the card, fraud filter blocks it) emit the same event names with outcome: failure and a reason field. Org-attributed usage separately emits billing.compute_metered (VM/container compute), billing.storage_metered (warm S3), and billing.cold_storage_metered (cold S3) events that record which Stripe customer was actually charged for the interval — so an auditor can reconstruct the full money trail without needing access to Stripe directly.