Bluefactory subcontract payment method to Stripe.
This does not mean we do not take care of this part of our activity. We choose Stripe for its high-security standards, accuracy, and simplicity.
Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. To accomplish this, it makes use of best-in-class security tools and practices to maintain a high level of security at Stripe.
Encryption of sensitive data and communication
All card numbers are encrypted on disk with AES-256. Decryption keys are stored on separate machines. None of Stripe’s internal servers and daemons are able to obtain plaintext card numbers; instead, they can just request that cards be sent to a service provider on a static whitelist. Stripe’s infrastructure for storing, decryption, and transmitting card numbers runs in separate hosting infrastructure and doesn’t share any credentials with Stripe’s primary services (API, website, etc.).
Stripe care deeply about the protection of users’ data. It has looked at how to ensure that it remains compliant with evolving European law regarding transfers of European personal data, updated with GDPR.
How is Stripe ensuring the adequate protection of European data transfers?
Stripe’s services in Europe are provided by a Stripe affiliate—Stripe Payments Europe Limited (“Stripe Payments Europe”)—an entity located in Ireland. In providing Stripe Services, Stripe Payments Europe transfers personal data to Stripe, Inc. in the US. To ensure the adequate protection of personal data, Stripe has certified to the EU-U.S. and Swiss-U.S. Privacy Shield Framework. Stripe Privacy Shield Policy is available here.
In addition to Privacy Shield, Stripe continues to employ additional compliance measures to ensure an adequate level of protection of personal data transferred outside the European Economic Area.
Stripe remains compliant with European data protection laws. If you have additional questions regarding payment method and Stripe policy privacy, please contact them at firstname.lastname@example.org.