One of the most important considerations in providing our services at PayRange is security, so we have developed and operate an industry-leading security infrastructure.
PayRange’s systems and processes are designed to comply with the Payment Card Industry (PCI) Data Security Standards. Further, the service provider(s) of PayRange have been audited by a PCI-certified auditor, and is certified to PCI Service Provider Level 1, the most stringent level of certification available. For any questions or concerns regarding our payment service provider, you may contact them at firstname.lastname@example.org.
SSL and HSTS
PayRange forces HTTPS for all services, including our public website. We use 256-bit encryption for the mobile app and between 128 and 256-bit encryption, depending on your browser, for our public website ensuring that all communications are secure. We perform regular audits of certificates we use, the certificate authorities we use, and the ciphers we support.
In addition to using HTTPS we strictly use HSTS to ensure browsers interact with PayRange only over HTTPS and never a non-secure connection.
PayRange supports encryption through all steps of a transaction. Our service provider encrypts the Card Data at the first step of the card transaction and sends it directly to their servers. Please visit www.stripe.com/security for more information. PayRange servers are located in secure data centers and physical access is monitored by security personnel 24 hours a day and requires multiple levels of authentication.
The PayRange app does not view, pass through, or store Card Data, and Card Data is never sent to or stored on PayRange servers. PayRange does not store any personally identifiable card data on our servers. We store the last four digits of the Card Data along with a token issued by our Service Provider(s).
We rapidly investigate all reported security issues. If you believe you’ve discovered a bug in PayRange’s security, please contact us at email@example.com. We will respond as quickly as possible to your report. We request that you not publicly disclose the issue until it has been addressed by PayRange.
For urgent security concerns or requests such as an incident, or suspected misuse of your account, please email our 24/7 priority security team at firstname.lastname@example.org. Please use our PGP public key so that your message is safeguarded. In your message, let us know how to contact you securely as well. Urgent requests will be addressed in 24 hours or less.
For non-urgent security questions, please contact email@example.com.
Our PGP key is below, which PayRange will use to sign all secure emails.
Key ID: DFC238BD
Key type: RSA
Fingerprint: 402C A1D4 C579 79F5 5DE4 4432 CD41 20CD DFC2 38BD
—–BEGIN PGP PUBLIC KEY BLOCK—–
—–END PGP PUBLIC KEY BLOCK—–