Secure Payments
The security of your personal information and data is critical to everything that we do here at Privacy. Here are some relevant details about the safeguards we have built into our technology stack.
Overview
Our team includes people with experience at some of the top payments and security companies, and we’re bringing that expertise to Privacy.
Privacy is PCI-DSS compliant. We are held to the same rigorous security standards as your bank. We also comply with the international ISO 27001 standard and are SOC1 and SOC2 Type 2 certified.
Data at Rest / Infrastructure
Passwords are hashed using PBKDF2 with 100k iterations and salted to make rainbow table attacks more difficult.
Sensitive data is encrypted using industry-standard protocols.
Customer data is stored in geographically redundant data centers using both AWS and dedicated single tenant hardware.
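The salted PBKDF2 scheme described above, sketched as an added example (not Privacy's own code). The 100,000 iteration count comes from the page; the HMAC-SHA256 PRF, 16-byte salt, record format, and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000           # iteration count stated on the page
SALT_BYTES = 16                # assumption: salt length is not given on the page
PRF = "sha256"                 # assumption: the page does not name the PBKDF2 hash
ALLOWED_PRFS = {"sha256", "sha512"}


def hash_password(password: str) -> str:
    """Return a self-describing record: prf$iterations$salt_hex$hash_hex."""
    # A fresh random salt per password means identical passwords yield
    # different records, so one precomputed table cannot cover all users.
    salt = secrets.token_bytes(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac(PRF, password.encode("utf-8"), salt, ITERATIONS)
    return f"{PRF}${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored parameters and compare in constant time."""
    try:
        prf, iterations, salt_hex, hash_hex = record.split("$")
        rounds = int(iterations)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
    except ValueError:
        return False           # malformed record: fail closed
    if prf not in ALLOWED_PRFS or rounds < 1:
        return False
    dk = hashlib.pbkdf2_hmac(prf, password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(dk, expected)


def needs_rehash(record: str) -> bool:
    """True when a stored record is weaker than the current policy."""
    prf, iterations, _, _ = record.split("$")
    return prf != PRF or int(iterations) < ITERATIONS
```

Storing the parameters alongside the hash lets older records be verified and then re-hashed at the next successful login when the iteration count is raised.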
Data in Transit
Data is never sent in plaintext. All web traffic is sent over Transport Layer Security (TLS) with HSTS for privacy and security.
Inter-data center communication is protected by Internet Protocol Security (IPsec) with AES-256.
Privacy Security Policies
Aggressive biannual encryption key rotation schedule.
Servers are firewalled and regularly updated with the latest security patches.
We follow OWASP best practices and all code is peer-reviewed before deployment.
For access controls, we follow principles of least privilege.