Buying on a secure browser
- Your payment is secured by TLS, a higher grade of security than SSL, with 256-bit encryption and using modern SHA2 cyphers.
- Your payment is processed using PCI compliant service providers. PCI compliance means that our providers meet current security standards for handling payment information. For a full FAQ on what PCI compliance entails, check out this page.
In other words, your payment details are not stored anywhere when you buy on Gumroad. We don't have access to your credit card information—only a token that represents your credit card. The same goes for your PayPal details. That means if your Gumroad account, or even Gumroad itself, were compromised, nobody would gain access to your payment data.
When you create an account with us, we use methods called "Salting" and "Hashing" to store your encrypted password. What it means is, if an attacker were to get hold of our database, they would not be able to see any users' passwords.
When you make a purchase on Gumroad, the creator of products will see:
- Your email address used for the purchase
- Your name or any other information that you enter into the field at checkout
They do not see your credit card information or the name on your card.
You will be asked after your purchase whether or not you want to receive updates from them. You can unsubscribe from the updates they send you through Gumroad anytime.
We have been using PayPal Connect since January 2021, which means the payment is now directly between the customer and the Gumroad creator. For both creators and customers, information such as your PayPal email address, name, and other account details may be visible on the receipt and/or your PayPal dashboard.
If you have Google or Apple Pay enabled on your computer or mobile device, you'll be able to purchase with just a few clicks.
Google Pay only works when a credit or debit card is linked to it. This means the button may not show up in some countries where bank accounts are linked to your Google Pay account.