PingPong uses the industry-standard SHA-256 RSA encryption for all data in transit and at rest. Status pages with own domains have separate SSL-certificates. Sensitive customer data such as passwords are encrypted and salted at an individual level. All data centers are ISO 27001 and SOC 2 compliant.
All credit card transactions are processed using secure encryption, the same level of encryption used by leading banks. Card information is transmitted, stored, and processed securely on a PCI-Compliant network with Stripe.
All data are written to multiple disks instantly, backed up daily, and stored in multiple locations. Access to user data is restricted to a small number of employees. All services are running inside a private network and protected by frequently rotated passwords or SSH-keys where applicable.
PingPong aggressively updates all of our systems. Security patches for all system dependencies are applied within 24 hours of release, usually within 1 hour. All 3rd party vendors in use at PingPong are vetted for at least the same level of security that we apply ourselves, most being SOC 2 compliant. All mission-critical providers are SOC-2 compliant.
Data security is a top priority for PingPong. We apply a number of security practices internally to ensure access to your data is restricted such as rotating all of our encryption keys regularly, reducing access to those keys to the minimum number of employees, and regular security training. Monitoring tools are set up to alert us to any nefarious activity against our systems.