For applicants · Security
How is my card data protected?
AES-256-GCM encryption at rest, key isolated, vault deleted on cancellation.
Your card details are protected by AES-256-GCM encryption at rest — the same family of algorithms approved for protecting US government TOP SECRET information; a unique per-record initialization vector and authentication tag, so the same card never produces the same ciphertext twice; a 32-byte encryption key held in a server-side environment variable, NEVER in the database or source code; decryption only at the exact moment of a charge; and permanent deletion from the database when you cancel a subscription, when a one-time payment is processed, or when a subscription transitions to any terminal status.
See /help/security-and-processing for the full breakdown.