Security is one of the biggest considerations in everything we do. If you have any questions or encounter any problems, please email us at [email protected]
Our payment systems have been audited by a PCI-certified auditor and are certified to PCI Service Provider Level 1. This is the most stringent level of certification available.
All card numbers are encrypted on disk with AES-256. Decryption keys are stored on separate machines. None of OneFitStop's internal servers and daemons are able to obtain plaintext card numbers; instead, they can just request that cards be sent to a service provider on a static whitelist. OneFitStop's infrastructure for storing, decrypting, and transmitting card numbers runs in separate hosting infrastructure, and doesn't share any credentials with OneFitStop's primary services (API, website, etc.).