The ThymeBase Privacy & Security Promise

We always respect your data. Always!

We’ve thought carefully about how to deliver stability and security to you, our customers. We handle your data with the utmost care, encrypt all online data transfers and store it safely. We also work with third-party security services that run regular penetration tests and network scans to reduce vulnerabilities and security threats to your data.

To keep things simple, ThymeBase:

  • does not store your credit card details. We never ever even see the numbers. All transactions are safely and privately processed by Stripe, our credit card processor.
  • encrypts all data sent via the website and all data is stored securely in compliance with virtually every regulatory agency in the world.

Security Basics

The ThymeBase website uses a secure connection to your browser called Transport Layer Security (TLS) - that’s HTTPS:// instead of lame old HTTP://. TLS is a cryptographic protocol with strong SHA-2 and 2048-bit encryption that makes communication between your browser and ThymeBase secure.

We do not store, nor have access to your credit card details at all. That information is stored at Stripe. Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. They make use of best-in-class security tools and practices to maintain a high level of security at Stripe.

Read more about Stripe’s security protocols here:

No one other than our developers can access your data and this is only done if it is necessary to solve client-related issues.

Infrastructure Security

ThymeBase’s application infrastructure is hosted by Heroku and managed within Amazon’s secure data centers and utilize the Amazon Web Service (AWS) technology. The data centers are housed in nondescript facilities, and critical facilities have extensive setback and military grade perimeter control berms as well as other natural boundary protection. Physical access is strictly controlled both at the perimeter and at building entry points. AWS supports more security standards and compliance certifications than anyone else, including PCI-DSS, HIPAA/HITECH, FedRAMP, GDPR, FIPS 140-2, and NIST 800-171, helping satisfy compliance requirements for virtually every regulatory agency around the globe.

Read more about Amazon’s AWS security protocols here:

Read more about Heroku’s security protocols here:

Privacy Policy

ThymeBase’s privacy policy, which explains how we handle data input into ThymeBase, along with GDPR compliance, can be found here.


If you have questions, concerns or comments regarding our security, please contact us at .

Worried about moving your active events over to ThymeBase? No problem. We’ll do it for you. Email us and we’ll import your events and templates totally for free.