Payment and Security
You might wonder if shopping with us is safe and the answer is absolutely yes. We selected Stripe as our payment provider because it has the highest level of security.
How it works?
With Stripe.js, our customers type their card details into a form on a page served from our site, but the Stripe.js code communicates directly with the Stripe server. The customer’s card details never pass through our web server.
Stripe has been audited by a PCI-certified auditor, and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available.
SSL and HSTS
Stripe forces HTTPS for all services, including our public website. We regularly audit the details of our implementation: the certificates we serve, the certificate authorities we use, and the ciphers we support. We use HSTS to ensure browsers interact with Stripe only over HTTPS. Stripe is also on the HSTS preloaded lists for both Chrome and Firefox.
All card numbers are encrypted on disk with AES-256. Decryption keys are stored on separate machines. None of Stripe's internal servers and daemons are able to obtain plaintext card numbers; instead, they can just request that cards be sent to a service provider on a static whitelist. Stripe's infrastructure for storing, decrypting, and transmitting card numbers runs in separate hosting infrastructure, and doesn't share any credentials with Stripe's primary services (API, website, etc.).
The only thing we are able to see is your last 4 digits card number to be able to match it if refund is requested. If you have any questions, do email us at firstname.lastname@example.org - we always respond!