Is my credit card information encrypted?

Yes, absolutely. We offer both PayPal and Stripe as options for our checkout/payment gateway. Below is some additional information on the security policies of both companies:

Security at Stripe

A PCI-certified auditor has audited Stripe. We’re a certified PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. To accomplish this, we use the best-in-class security tools and practices to maintain a high level of security at Stripe.

HTTPS and HSTS for secure connections

Stripe forces HTTPS for all services using TLS (SSL), including our public website and the Dashboard to ensure secure connections:

  • Stripe.js is served only over TLS.
  • Stripe’s official libraries connect to Stripe’s servers over TLS and verify TLS certificates on each connection.

We regularly audit the details of our implementation, including the certificates we serve, the certificate authorities we use, and the ciphers we support. We use HSTS to ensure that browsers interact with Stripe only over HTTPS. Stripe is also on the HSTS preloaded lists for both Google Chrome and Mozilla Firefox.

Sensitive data and communication encryption

All card numbers are encrypted at rest with AES-256. Decryption keys are stored on separate machines. None of Stripe’s internal servers and daemons can obtain plain text card numbers but can request that cards are sent to a service provider on a static allowlist. Stripe’s infrastructure for storing, decrypting, and transmitting card numbers runs in a separate hosting environment, and doesn’t share any credentials with Stripe’s primary services including our API and website.

Learn more about Stripe's security technology HERE


PayPal Data protection standards

Payment Card Industry Data Security Standard (PCI-DSS) is a set of comprehensive requirements that all businesses handling credit and debit payments must comply with. These standards help reduce the likelihood of identity theft, fraud and unauthorized transactions. In addition to industry and regulatory encryption requirements, our Information Security Policies and Controls are reviewed by independent third parties. We hold certifications under many programs and standards, including the Visa Cardholder Information Security Program, Mastercard Site Data Protection Program and the American Institute of Certified Public Accountant’s Statement on Standards for Attestation Engagements No. 18 SOC 1.

Learn more about PayPal's security technology HERE
