The ThymeBase Privacy & Security Promise
We always respect your data. Always!
We’ve thought carefully about how to deliver stability and security to you, our customers. We handle your data with the utmost care, encrypt all online data transfers and store it safely. We also work with third-party security services that run regular penetration tests and network scans to reduce vulnerabilities and security threats to your data.
To keep things simple, ThymeBase:
- does not store your credit card details. We never ever even see the numbers. All transactions are safely and privately processed by Stripe, our credit card processor.
- encrypts all data sent via the website and all data is stored securely in compliance with virtually every regulatory agency in the world.
The ThymeBase website uses a secure connection to your browser called Transport Layer Security (TLS) - that’s HTTPS:// instead of lame old HTTP://. TLS is a cryptographic protocol with strong SHA-2 and 2048-bit encryption that makes communication between your browser and ThymeBase secure.
We do not store, nor have access to your credit card details at all. That information is stored at Stripe. Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. They make use of best-in-class security tools and practices to maintain a high level of security at Stripe.
Read more about Stripe’s security protocols here: https://stripe.com/docs/security/stripe
No one other than our developers can access your data and this is only done if it is necessary to solve client-related issues.
ThymeBase’s application infrastructure is hosted by Heroku and managed within Amazon’s secure data centers and utilize the Amazon Web Service (AWS) technology. The data centers are housed in nondescript facilities, and critical facilities have extensive setback and military grade perimeter control berms as well as other natural boundary protection. Physical access is strictly controlled both at the perimeter and at building entry points. AWS supports more security standards and compliance certifications than anyone else, including PCI-DSS, HIPAA/HITECH, FedRAMP, GDPR, FIPS 140-2, and NIST 800-171, helping satisfy compliance requirements for virtually every regulatory agency around the globe.
Read more about Amazon’s AWS security protocols here: https://aws.amazon.com/security/
Read more about Heroku’s security protocols here: https://www.heroku.com/policy/security
If you have questions, concerns or comments regarding our security, please contact us at firstname.lastname@example.org.