When a customer makes a payment using their card, we store certain details in our billing system database to facilitate automated invoice payments, domain renewals, and other billing-related services for convenience.
The following card information is stored:
- Full card number
- Last 4 numbers of the card
- Expiration date and/or the issue date
Please note, CVV/security code is never stored. It is securely transmitted to our payment processor at the time of the transaction.
All stored data is encrypted using 256-bit AES encryption and protected with a passphrase of 32 random characters. Only two employees have access to the passphrase, ensuring that the encrypted data cannot be decrypted without it.
Our database, which houses user information, service details, invoices, and support tickets, is not publicly accessible and is secured with randomly generated passwords, which are changed every 180 days. Additionally, it is kept separate from the billing system web server for added security.
To maintain security, we promptly update our billing software whenever a new release becomes available. We also employ custom monitoring scripts to detect intrusion attempts, SQL injections, fake or fraudulent signups, and other potential security threats. Our systems exceed PCI DSS requirements for card information security.
While no system can be 100% secure, we continuously monitor for new threats and vulnerabilities to ensure the highest level of protection for your information.
