Safe buying on Gumroad
The Internet can be a scary place for people with credit cards and PayPal accounts and morality, which is why our Risk, Fraud, and Payments teams work hard to make buying on Gumroad safe. Seriously safe.
Warning: The following contains links to extremely dry reading material about online payment processing. Do not attempt to read these articles while operating heavy machinery.
When you buy something on Gumroad, on a secure browser:
- Your payment is secured by TLS, a higher grade of security than SSL, with 256-bit encryption and using modern SHA2 cyphers.
- Your payment is processed using PCI Compliant service providers. PCI Compliance means that our providers meet current security standards for handling payment information.
For a full FAQ on what PCI Compliance entails, check out this page.
In other (actual) words...
Your payment details never get stored anywhere when you buy on Gumroad. We don't have access to your credit card information - we just have a token that represents your credit card. The same goes for your PayPal details. That means if your Gumroad account, or even Gumroad itself, were compromised, nobody would gain access to your payment data.
If you choose to save your credit card for future buying on Gumroad, these same PCI compliant providers keep your information safe, and encrypted.
When you create an account with us, we use methods called " Salting" and "Hashing" to store your encrypted password. It sounds scrumptious, yes, but it's more of an acquired taste. What it means is, if an attacker were to get hold of our database, they would not be able to see any users' passwords.
What about privacy?
When you buy a product on Gumroad, the creator of products can see:
- Your email address that you use on the purchase
- The name that you enter into the field
They do not see your credit card information.
You will be asked after your purchase whether or not you want to receive updates from them. You can unsubscribe from any updates they send you through Gumroad.
Please be aware that as of January 2021, we are now using PayPal Connect. With these PayPal changes, purchases are now directly between customers and Gumroad creators. For both creators and customers, information such as your PayPal email address, name, and other account details may be visible on the receipt and/or your PayPal dashboard.
If you have Google or Apple Pay enabled on your computer or mobile device, you'll be able to purchase with just a few clicks. Google Pay only works when a credit or debit card is linked to it. In some countries, where bank accounts are linked to your Google Pay account, this means the button may not show up.