Customers share some of their most sensitive information in your online store including their names, addresses, and credit card details. That’s why we put forward our best effort to process data in a completely secure manner. Find out what we do to protect your customers’ data.
Store always runs via HTTPS
Online store is always launched using an HTTPS connection. You can always verify this by inspecting your store’s network sessions. To indicate checkout is secure, your store shows a message on the checkout page:
If you added store to your own website, remember to take care of your site’s security. This will not affect the security of your online store, but it’s
best to be secure across your domain.
Online store doesn’t collect credit card information
Your store does not actually handle your customers’ credit card information. In fact, we don’t collect, store, or process such data in any way. Instead, we support a number of popular payment gateways that process your customers’ payment information. These payment processors can be divided into two groups based on the way they interact with a store.
Payments on the payment processor’s secure page
When a customer places an order, your store sends the order information to the payment processor and securely redirects the customer to the payment gateway’s web page where they enter their credit card information. When payment is complete, the payment processor sends a reply (callback) confirming payment to the store.
Payments completed without leaving the store
Some payment processors (Stripe, Square, etc.) are integrated with the store differently. With these payment processors, customers are not redirected. Instead, they see a payment form right on the store’s checkout page.
In this case Online store works within a customer’s browser. This way, when a customer enters their credit card information, the data is not transferred to the server where your website or store is located. Online store connects directly to the payment gateway via a highly secure channel and sends a request with the order information. This information is not transferred to the server where the Online store resides, does not pass through, and is not stored by us. The payment gateway performs all operations with this data and returns a callback confirming payment to online store.
This solution was verified and approved by Qualified Security Assessor (QSA).
Online store is PCI DSS certified
PCI DSS stands for Payment Card Industry Data Security Standard, and Online store is a PCI DSS validated Level 1 Service Provider. This is the highest international standard for secure data exchanges for online stores and payment systems.
Online store uses secure hosting
All data — products, customers, general information — is kept in your Online store. We regularly scan our system for breeches and protect this information with software updates and backups of your store data. We store the data on Amazon Web Services — the most reliable and secure hosting solution.