E-commerce Security
We use a SSL certificate to protect your customer information. We do not store any of your financial data and we do not have access to your card info.
Payments are processed by Stripe and governed by its privacy policy, with SCA (strong customer authentification) as the regulation requires, and 3-D Secure payment where supported.
Credit Card Data
Your credit card data is protected both during transmission from your computer to the bank server, and while saved on the server. We never store your credit card data ourselves. Credit card data is sent over a PCI-compliant encrypted connection to our servers (TLS 1.0 with a 4096-bit RSA key and a 256-bit cipher suite), which are housed in a secure, monitored data center facility with restricted physical access. You can inspect the HTTPSecure and SSL/TLS server certificate at any time in your browser.
Your credit card data is never saved on our servers. In fact, cardholder data is not saved on any servers connected to the Internet. We use Stripe to process and store credit card data. Stripe is a validated Level 1 PCI-DSS compliant service provider with strict privacy and security controls. Credit card processing uses, where available, 3D Secure protection. In case of alternative billing option such as monthly subscription billing and the "Remember my card for next time" features are facilitated by the use of credit card tokens, which reveal no information about the cardholder or card itself.
Account Data
All account settings (including your password) are sent over an encrypted connection (see the Credit Cards section above for details). You can inspect the HTTPSecure and SSL/TLS server certificate at any time in your browser.
A salted hash of your password is stored on our servers for authentication purposes. Using a hash of your password allows us to know if the password you entered is correct or not without actually storing your original password at all. If you forget your password, we cannot retrieve it, but instead will reset it to something new. Passwords are never saved (plain text or encrypted).
Reporting Issues
If you think you have discovered a security vulnerability, please email us.