We follow best practices to ensure the security and proper use of all personal information and other customer data. This includes encrypting sensitive information, employing administrative, physical, and technical controls, and auditing by reliable external security vendors.

  • Customer credit cards are stored in encrypted form, and passwords are securely hashed.
  • All data is encrypted during transit between our datacenters.
  • We maintain independently-audited PCI-DSS compliance.
  • Where possible, we use HTTPS by default on our websites.
  • Employee access to customer data is audited and restricted to the minimum necessary access level.

What other frameworks have a similar principle?