Keeping our customers' data secure is the most important thing that Mandarin Blueprint does. We go to considerable lengths to ensure that all data sent to Mandarin Blueprint is handled securely; keeping Mandarin Blueprint secure is fundamental to the nature of our business. We want to share some of the details of what we do to keep things secure, and some of the work that we're doing to continually improve the security of your data. This is a living document, and we will add to it from time to time. You are probably also interested in checking out our Terms of Use and Privacy Policy.
Our credit card processors have completed a PCI DSS level-one onsite assessment and were validated against the Payment Card Industry Data Security Standards. A Certificate of Compliance has been issued and is available upon request.
All card numbers are encrypted at rest with AES-256. Decryption keys are stored on separate machines. None of the internal servers and daemons are able to obtain plaintext card numbers; instead, they can just request that cards be sent to a service provider on a static whitelist. The infrastructure for storing, decrypting, and transmitting card numbers runs in separate hosting infrastructure and doesn’t share any credentials with our primary services (API, website, etc.).