Our practices are consistent with PCI compliance:
- No credit card data is stored in our application or database.
- All sensitive payment information is transmitted over SSL encrypted connections.
- Our systems are regularly reviewed for security vulnerabilities and we have never failed a test.
- Servers are hosted remotely in secure data centers (Amazon EC2 via Heroku) and access is highly restricted.