E-commerce security

We take the security of our users' data very seriously. As such, we want to make you aware of some of the measures we take to secure your account and credit card data.

Production Type is secured with 256-bit SSL encryption. All card payments are fully PCI (DSS 2.0 standard) Level 1 compliant.

Credit Card Data

Your credit card data is protected both during transmission from your computer to the bank server, and while saved on the server. We never store your credit card data ourselves. Credit card data is sent over a PCI-compliant encrypted connection to our servers (TLS 1.0 with a 4096-bit RSA key and a 256-bit cipher suite), which are housed in a secure, monitored data center facility with restricted physical access. You can inspect the HTTPSecure and SSL/TLS server certificate at any time in your browser. 

Your credit card data is never saved on our servers. In fact, cardholder data is not saved on any servers connected to the Internet. We use Paymill Gmbh to process and store credit card data. Paymill is a validated Level 1 PCI DSS compliant service provider with strict privacy and security controls. Credit card processing uses, where available, 3D Secure protection. In case of alternative billing option such as monthly subscription billing and the "Remember my card for next time" features are facilitated by the use of credit card tokens, which reveal no information about the cardholder or card itself. 

Account Data

All account settings (including your password) are sent over an encrypted connection (see the Credit Cards section above for details). You can inspect the HTTPSecure and SSL/TLS server certificate at any time in your browser.

A salted hash of your password is stored on our servers for authentication purposes. Using a hash of your password allows us to know if the password you entered is correct or not without actually storing your original password at all. If you forget your password, we cannot retrieve it, but instead will reset it to something new. Passwords are never saved (plain text or encrypted).

Reporting Issues

If you think you have discovered a security vulnerability, please email us. Please visit our support page for general issues.