No credit card information is ever stored on our servers. We use Stripe.com, one of the most secure and reputable payment processors available. Our website complies with the Payment Card Industry Data Security Standards (PCI DSS). Stripe has been audited by an independent PCI Qualified Security Assessor (QSA) and is certified as a PCI Level 1 Service Provider. This is the most stringent level of certification available in the payments industry. Stripe forces HTTPS for all services using TLS (SSL).
All card numbers are encrypted on disk with AES-256. Decryption keys are stored on separate machines. None of Stripe’s internal servers and daemons are able to obtain plaintext card numbers; instead, they can just request that cards be sent to a service provider on a static whitelist. Stripe’s infrastructure for storing, decrypting, and transmitting card numbers runs in separate hosting infrastructure and doesn’t share any credentials with Stripe’s primary services (API, website, etc.).
Bionic Turtle never sees (or has access to) your credit card data at all. When payment information is collected, it is securely transmitted directly to Stripe without it passing through our servers, so you can rest assured that your credit card information is safe.