The NI mate shop needs to store some private information about its customers for practical and legal reasons. At the moment, this is the private information we store about customers:
As is common practice, instead of storing passwords directly, we only store their hashes.
We do not store your credit card details (credit card number, expiration date, or CVC) or street addresses. Instead, we store references to that information, which allow us to use it indirectly through our payment provider. Our payment provider is Stripe, which has been certified to PCI Service Provider Level 1, the most stringent level of certification available. Read more about Stripe's security practices here.
All requests to the NI mate store are encrypted with Transport Layer Security (TLS), more commonly known as SSL. We have an A+ rating on SSL Labs' SSL report (if that ever changes, please send us an email). For those with knowledge on the matter, we use TLS 1.2 instead of any version of SSL, as all versions of SSL are deprecated.
Customer account passwords are not encrypted (an intentionally reversible process), but hashed and salted (a process nearly impossible to reverse). This is standard security practice. Even so, should the customer password hash database be compromised, we will force a password reset on all customers.
Access to the server that stores this information is limited to the three people who need it to do their jobs. The servers are automatically patched against security vulnerabilities.