Security
Data Encryption Explained
Learn how Karsilo protects your data with encryption at rest and in transit.
Encryption in transit
All communication between your browser and Karsilo's servers uses TLS 1.3 encryption. This means data is encrypted while traveling over the internet, preventing eavesdropping or man-in-the-middle attacks. API calls between Karsilo and Stripe are also encrypted using TLS.
Encryption at rest
Your synced Stripe data is stored in databases encrypted with AES-256, the industry standard for data at rest. Encryption keys are managed through a dedicated key management service with automatic rotation. Even if storage media were physically compromised, the data would be unreadable.
OAuth token security
Stripe OAuth tokens are stored in a separate, encrypted vault with additional access controls. Tokens are never exposed in application logs, error messages, or API responses. Access to the token vault is restricted to the sync service and requires additional authentication.
Infrastructure security
Karsilo runs on SOC 2 Type II certified infrastructure. Our servers are hosted in geographically distributed data centers with physical security controls, redundant power, and network isolation. Regular penetration testing and security audits ensure our defenses stay current.