Safe buying on Gumroad
The Internet can be a scary place for people with credit cards and PayPal accounts and morality, which is why our Risk, Fraud, and Payments teams work hard to make buying on Gumroad safe. Seriously safe.
Warning: The following contains links to extremely dry reading material about online payment processing. Do not attempt to read these articles while operating heavy machinery.
When you buy something on Gumroad, on a secure browser:
- Your payment is secured by TLS, a higher grade of security than SSL, with 128-bit encryption and using modern SHA2 cyphers.
- Your payment is processed using PCI Compliant service providers. PCI Compliance means that our providers meet current security standards for handling payment information.
For a full FAQ on what PCI Compliance entails, check out this page.
In other (actual) words...
Your payment details never get stored anywhere when you buy on Gumroad. We don't have access to your credit card information - we just have a token that represents your credit card. The same goes for your PayPal details. That means if your Gumroad account, or even Gumroad itself, were compromised, nobody would gain access to your payment data.
If you choose to save your credit card for future buying on Gumroad, these same PCI compliant providers keep your information safe, and encrypted.
When you create an account with us, we use methods called "Salting" and "Hashing" to store your encrypted password. It sounds scrumptious, yes, but it's more of an acquired taste. What it means is, if an attacker were to get hold of our database, they would not be able to see any users' passwords.
Learn more about how our payments work in this blog article. It has fun illustrations and will serve as a nice Après-Repas from these links.
If you have any specific questions about our security measures or would like to express any kind of concern, please email us at any time.