We treat the security of your data very seriously. Our website uses the secure version of HTTPS (Hyper Text Transfer Protocol Secure), the protocol over which data is sent between your browser and the website that you are connected to. The ‘S‘ at the end stands for SECURE. It means all communications between your browser and the website are encrypted. The padlock in the address indicates that the website connection is secure.
Encryption of sensitive data and communication
All card numbers are encrypted on disk with AES-256. Decryption keys are stored on separate machines. None of Stripe’s internal servers and daemons are able to obtain plaintext card numbers; instead, they can just request that cards be sent to a service provider on a static whitelist. Stripe’s infrastructure for storing, decrypting, and transmitting card numbers runs in separate hosting infrastructure, and doesn’t share any credentials with Stripe’s primary services (API, website, etc.).