Secure payment

All credit card payments processed on this site are handled through PayPal and Stripe, well-known and trusted processors. We take your security seriously. 


PayPal and Stripe are both audited by a PCI-certified auditor, and are certified to PCI Service Provider Level 1. This is the most stringent level of certification available.


Both PayPal and Stripe force HTTPS for all services. They regularly audit the details of their implementation: the certificates they serve, the certificate authorities they use, and the ciphers they support. They use HSTS to ensure browsers interact with their payment platforms only over HTTPS. 


All card numbers are encrypted on disk with AES-256. Decryption keys are stored on separate machines by Stripe. None of Stripe's internal servers and daemons are able to obtain plaintext card numbers; instead, they can just request that cards be sent to a service provider on a static whitelist. Stripe's infrastructure for storing, decrypting, and transmitting card numbers runs in separate hosting infrastructure, and doesn't share any credentials with Stripe's primary services (API, website, etc.).