Data security
Data security is of enormous importance to us, and we take vital steps to safeguard our customers’ information.
Our environment utilizes Braintree payments (a PayPal owned company) which meets the highest industry standards and guidelines to keep your personal information and credit card data safe.
Data encryption via the Braintree Vault
Cardholder data is managed in the Braintree Vault, using multiple encryption keys with split knowledge and dual control. A data thief would not be able to make use of information stolen from a database without also having the key. This data store cannot be connected to via the internet.
Authentication and session management
Braintree requires us to authenticate every time our admins log into the Control Panel. Passwords are never stored directly in the database, and all API and Control Panel communication between merchants and Braintree is conducted using TLS (Transport Layer Security).
Activity monitoring and testing
Braintee reviews and observe employee, customer, and vendor activity to guard against suspicious or unauthorized activities. We conduct automated vulnerability scans at least quarterly, and at least once a year we have extended penetration testing conducted by outside sources.