We accept payments using our payment partners Stripe and PayPal.
Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. To accomplish this, they use the best-in-class security tools and practices to maintain a high level of security at Stripe.
All card numbers are encrypted at rest with AES-256. Decryption keys are stored on separate machines. None of Stripe’s internal servers and daemons can obtain plaintext card numbers but can request that cards are sent to a service provider on a static allowlist. Stripe’s infrastructure for storing, decrypting, and transmitting card numbers runs in a separate hosting environment, and doesn’t share any credentials with Stripe’s primary services (API, website, etc.).
PayPal stores your personal data in secure databases. In addition, it automatically encrypts your confidential information when it’s stored and transmitted. Your data can’t be intercepted when it’s sent from your computer to ours. Plus, when you use PayPal to make a secure purchase, they don’t share your payment details with the us.
Regarding your most sensitive data (bank account numbers, credit card numbers), they have designed their system so even their employees only see the information necessary to help you. For example, they can only see the last 4 digits of your financial account numbers.
To protect the security of customers’ data, they don’t disclose the location of our databases or details related to our security systems, algorithms, or encryption systems.