Durable's Payment Security with Stripe
Security is of the utmost importance when it comes to processing payments. Durable is proud to utilize Stripe for all of our payment processing needs. Stripe has undergone a PCI certification process and achieved a Service Provider Level 1 certification, the highest level available in the payments industry. This means that at no point do we store or access any sensitive financial information on our own database.
All card numbers are encrypted at rest with AES-256 encryption. Decryption keys are stored on separate, secure machines. Stripe's internal servers and daemons are unable to obtain plaintext card numbers; however, service providers on a static allowlist may make requests. Stripe's infrastructure for handling, decrypting, and transmitting card numbers runs in a separate hosting environment with no connection to Stripe's primary services (API, website, etc.).
For more information about Stripe's security measures, please visit their documentation.