Last updated: May 2, 2020. We may update this article in the future.
We do not store passwords. Storing passwords in plain text or even in encrypted form is bad practice. We'll never know what your password is. Instead, we store a one-way, secure digest that is generated in a way that it is not computationally realistic to reconstruct.
Alternatively, you can authenticate yourself without even using a password: if you have an Apple ID that has two-factor authentication enabled, you can sign in quickly and securely with Face ID, Touch ID, or your device passcode.
We do not store credit card information, neither fully, nor partially, and don’t store credit card data in tokenized form either.
Your data are sent using HTTPS
Whenever your data are in transit between you and us, everything is encrypted, and sent using HTTPS over public networks. We use an SSL certificate issued by Sectigo. The connection uses AES_128_GCM or AES_256_GCM for encryption, with SHA-2 for message authentication and ECDHE_RSA as the key exchange mechanism. We test our HTTPS settings regularly, and aim for an A+ overall rating.
We protect your billing information
When you pay for our service, your credit card information is transmitted over an encrypted network connection to our payment processor. We run regular tests required by the payment card industry, and have the results attested by an Approved Scanning Vendor.
Redundancy and physical security
Our primary data center is in Nuremberg, Germany. We also use Amazon’s services in their Germany (Frankfurt) Region. Data is backed up daily. Our software infrastructure is updated regularly with the latest security patches.
If you have more questions, visit our support pages.