Encryption of sensitive data and communication
All card numbers are encrypted at rest with AES-256. Decryption keys are stored on separate machines. None of our pay,ent processor’s internal servers and daemons can obtain plaintext card numbers but can request that cards are sent to a service provider on a static allow list. The processor’s infrastructure for storing, decrypting, and transmitting card numbers runs in a separate hosting environment, and doesn’t share any credentials with their primary services (API, website, etc.)
• We do not keep customer credit card information on file.
• We do not share customer information.
• We do not sell customer information.
• All credit card transactions are encrypted.
• When our customers create their personal account with HK HAUS they provide their name, address, telephone number, and email address, this is the only personal information retained by HK HAUS.
• All credit card transactions are done through Authorize.net.
• Authorize.net has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry.