We take our customers’ security very seriously and utilise Stripe, the leading secure online payment gateway, for all online transactions. All card details are encrypted in a secure host environment.
Stripe meets and exceeds the most stringent industry standards for security. Click here to learn more about the technical details of Stripe's secure infrastructure.
All card numbers are encrypted on disk with AES-256. Decryption keys are stored on separate machines. None of Stripe's internal servers and daemons are able to obtain plaintext card numbers; instead, they can just request that cards be sent to a service provider on a static whitelist. Stripe's infrastructure for storing, decrypting, and transmitting card numbers runs in separate hosting infrastructure, and doesn't share any credentials with Stripe's primary services (API, website, etc.).
Stripe is PCI-compliant. It has been audited by a PCI-certified author and has been certified as a PCI Level 1 Service Provider. Stripe has security information regarding this.
For telephone transactions, we use PayPal and we do not store credit card details nor do we share customer details with any 3rd parties.