How does Trainerize Pay keep my information safe and where is the sensitive data stored?
Trainerize Pay incorporates the incredibly powerful and safe Stripe Payment gateway. Stripe’s infrastructure for storing, decrypting, and transmitting card numbers runs in separate hosting infrastructure, and doesn’t share any credentials with Stripe’s primary services (API, website, etc.).
Encryption of sensitive data and communication
All card numbers are encrypted on disk with AES-256. Decryption keys are stored on separate machines. None of Stripe’s internal servers and daemons are able to obtain plaintext card numbers; instead, they can just request that cards be sent to a service provider on a static whitelist. PGP Stripe has two PGP keys to encrypt your communications with Stripe, or verify signed messages you receive from Stripe.
Stripe's security team rapidly investigates all reported security issues. If you believe you’ve discovered a bug in Stripe’s security, please get in touch at firstname.lastname@example.org (optionally using our general PGP key). We will respond as quickly as possible to your report. We request that you not publicly disclose the issue until it has been addressed by Stripe.