How and when we collect information
We collect “personal” information from you when you provide it to us. For example, if you purchase a product from us, we may collect your name, mailing address, telephone number, credit card number, and email address. If you sign up to receive a newsletter, we will collect your email address.
What we do with your information
We are committed to protecting your privacy. Under no circumstances do we rent, trade or share your e-mail address with any other company for their marketing purposes. We use your personal information for internal purposes, such as processing your order and keeping you informed about it. You may, from time to time, receive information from us about new features, new services and special offers we think you’ll find valuable.
The personal information that you give us when you place an order is used to process and fulfill your order. This necessarily involves sharing your details with the third parties we have partnered with to fulfill your order (such as fulfillment or delivery companies). We also use your personal information for our own internal purposes, such as providing customer support or providing, maintaining, evaluating and improving our products and services.
We partner with credit card processing companies to assist us in processing your payment. However, those companies do not retain, share, store, or use personally identifiable information for any secondary purposes. We may disclose the personal and non-personal information of our customers to any successor-in-interest of ours, such as a company that acquires our business. We may need to disclose your personal information when required by law or when we have a good-faith belief that such action is necessary to comply with a judicial proceeding, a court order or legal process.
Your choice to opt-out of certain communication
If you are no longer interested in receiving e-mail announcements and other marketing information from us, please follow the unsubscribe instructions in our e-mail or e-mail your request to firstname.lastname@example.org. Please include your complete name, e-mail address and mailing address. Note that you may still receive vital customer-service-related communications from us where they relate to our duties in filling any future order you might make.
Protecting your information
The security of your personal information is important to us. When you enter sensitive information such as a credit card number on our registration or order forms, we encrypt that information using Secure Sockets Layer (SSL) technology.
Stripe has been audited by a PCI-certified auditor, and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available.
SSL and HSTS
Stripe forces HTTPS for all services, including our public website. We regularly audit the details of our implementation: the certificates we serve, the certificate authorities we use, and the ciphers we support. We use HSTS to ensure browsers interact with Stripe only over HTTPS. Stripe is also on the HSTS preloaded lists for both Chrome and Firefox. For more about implementing SSL on your own website, read our SSL guide.
All card numbers are encrypted on disk with AES-256. Decryption keys are stored on separate machines. None of Stripe’s internal servers and daemons are able to obtain plaintext card numbers; instead, they can just request that cards be sent to a service provider on a static white list. Stripe’s infrastructure for storing, decrypting, and transmitting card numbers runs in separate hosting infrastructure, and doesn’t share any credentials with Stripe’s primary services (API, website, etc.).
Stripe follows generally accepted industry standards to protect the personal information submitted to us from unauthorized access or disclosure, both during transmission and once we receive it. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. We assume no liability for any disclosure of data due to errors in transmission, unauthorized third party access or other acts of third parties, or other acts or omissions.