Contribute! Click & Collect Security Policy

Maintaining an evolving service secure requires a constant re-evaluation of risks and actions to mitigate them. Click & Collect does a reasonable attempt at keeping your information secure using time tested guidelines.

If you need to report a security vulnerability or have any questions regarding our security policy, please e-mail our security chief directly.

Physical Security

All of Click & Collect online services are hosted at DigitalOcean. As many well-known major web sites, we rely on DigitalOcean physical security to its data centers.

See also DigitalOcean's security policies.

Network Security

All communications to the authenticated service are done through TLS.

We are running latest operating system distributions and install security patches as they become available. Since you cannot hack something that is not there, we are always on the look out to remove unnecessary packages in the first place.

Solely the strict minimum number of Click & Collect employees have shell access to the Click & Collect infrastructure.

We monitor all access and attempted access to the virtual machines that provides Click & Collect service.

See also DigitalOcean's security policy.

Credit Card Safety

When you refill an Organization credit, we do not store any of your card information on our servers. It's handed off to Stripe, a company dedicated to storing your sensitive data on PCI-Compliant servers.

See also Stripe's security policy.