The basics

• Mailcheap's API and GUI components are served by special, unprivileged system users which cannot modify the content or affect other components in the unlikely event of a breach of any single component.
• All components receive security updates daily and are further protected by an intrusion detection system (IDS) to verify data integrity.
• By employing HSTS and strict web server policies, we make sure that our API and GUI are only served over secure TLS-encrypted connections.

Payment protection

• All payment methods (cards) are stored & processed remotely by Stripe, a PCI Service Provider Level 1 certified payment processor.
• Mailcheap stores only a token (reference) to the payment method which is valid only for payments to us and thus cannot be misused even in the extremely unlikely event of a breach.
• All sensitive payment information is entered directly on Stripe's hosted payment page (domain: *.stripe.com).