4193ff41db2e709bcb6410417cdecc736be10cd07f286489e9e68ed9389f9e4d7ead2549599101680e58bf03a6f6fd582f8c724a05689f52929f36a6adcdd09915e80d2d1b35ab47c8122f074200894f606e333538a80235a58941e30078d1

4bf39a90e5b70a34ede4ba5ddf622161e57fb801ba38a01c499663400860c386cd8274cec45a8a235ec384a8578b4b86af78eef0e2f565f468b2e4465b008f196964065a05a71d50c1c0591f8a16297874fc7837316e26398894676749a758

c36cd03115d1a058cd492d398820fbb6d8c072aeef712ca01ddf73215f4e958660bcf5f4d3034678d6bf7fe60eb9ca750f4d417afc3971b333ddc7a1f3dde8709bd8496d409b3464c7ee48fbdb398f9c407f1fa5efca717407509e077b48c3

e4b132885dfa1b03d2619bc4604ce00165dff012de5be4709170014789843ec1139f196b8b2f3a09ccc4bab99a3dd62b79f1668186f119840e30e17d25ef086888cd84a9a9e2ea76c8d1d99b405f39782d88df33e51f1b26167bc523334a93

25abfd698dd3ad44e357f572b09377816ced6f5d50b4838dbab7379ffc9de5733a2d1704ddd660f7ea8443089b0eeae7c8bab3494654e18ce9da4f31dbe328720117dce37caf172eeafae7471778ca656d36d6c217236d3b6760e5808ead94

c2e647dfa5b8846b646b78aa4f18ac72227e246d364f5200c9d352ef88f6985b1580bf09d66d875b858e01e1508e2be256a14506086b95095f17d1d68e962a42ad3a3b9a52eb74a704cd3242906f5de9b072329ecf760f3fc394c32ef0c339

163efb62114d413a686c83ab32d46b3bd311507bed936c3dd3c979f29f6be46b940a42fc3a5ec4ed6cc820bba382e418feacc2893421be2e7747d8b09c1f64a8cde96654ee3b2ed36b8302adb3f601c327905f46208c425cd2bafc81c82e34

c6d2b5dd1613e3f98a8a6e91a38056613c13d646b984514458de1581baf161911ec961f2e70c573c4df0a350510801cbabc980ca65fd9fd679fa3475777355e0278c567c13a5888bed419faa014cff8b765a75e65ebfbe02fb320690f955ef

c0ccedee884c5d36e66b6c2fb7331830b319852777d2a3632afc3d3178dea9c76053e089c83ecdce6217bbd8d41879363ccf56e9371ac3149ac92762574ff2cde37a6611ed86db96a38649edd870e7cce4729487a065521e4664d03556a82e

78fef3c6952bec20b73a9d82703a8adec0625d8c99fcacf497b7d478974cd78f8d504efa0509c8a4bc936dbd150f35a3045b9d61d07d5b798d1d01f0dc26dccb64481572b299f1a42200c8a5d19e26a574b733c2ef3390c68a3b32bf8a5623

38bf93374ba36db34f21ed02d29e05f1a6e78788b896b7c62fc64be60eac196fecdc997a36bd9b6334e02c9bd49491d55f357b95888f4e2c30ee8b8a9a09fd922e0cf9e9565e288f93a9c258776a67f712f214f3c81f4a37f39bdaf00e0166

1998e8d4f84d0a279554554783c98d83a08ce5802f5ff67ccd3b730f844c2dc9e7735f8189bf2543d637f90fe502ec9968ed8c200d07c2249995fe9488095b528ca1012159138bc36b9d3b5dc7e23beae6b05ef58883e5cacd1c9a3a602e1e

4ffa698eb93950dbab0d659a624847b5f8199c2c0295c2fa6c254404ac054e88d5ea176229b58786439c2f4fb257cf8f153c3027460528bbcc2ed8f535e2e3493e13425f7c9deac35583da3ab442eb931454f6614a6ba549664b11d9f71140

68b68eeb79d6d0b8f18778ae865b23d61ec17c9f45e4a3a67f02220bb26f8484ef99f20b55752eede46a37af7cfab3360407ca5c3cf74ed06cedc9f08fd5dee6278a1e0c5753bee7f605123daa51bd7294beaf7fcd52941773c20c600b1cdb

80957953782a7330cfa6fbd7f2e778e8735051345813c00290b75549b0c1c629ae1c841e4df41662e6a71106fb74d6b315e4ff403b16612f8a85f9df355169114642ce1306b637bd156830959c8e042819b8231cabf18d3f5072028b34c857

01ad7f8aba4c13796aa5e8e91e064f1cf56231bd23b2f7d9b809310250df30ddf692e867f50505855e48fcfedcac77e125feb4e7402e93f63da5f5ae7ed0c7cb33edfbf0f81208a1625f850df6d4f51e00bb4159f9553a2d2b96cd6cd63937

3b18a0e76174fd2b65bb79da70f5750fb045ce5b40168f094a095424fd9535deeccbd20f47e343562eb2bcc685a62e52592006a413640b9cb22a3de126cad9f6343f9631d2e71ee0497905ad78b028a06c68575ddb88979a57969aeb576e96

88c9af290177f24944d2df58d3e0957a3cb544ccfe5a3fbdd330e6dfb430e52a7201cb9b771ee6bfd21bce78575d89aca5c3c03928409c1e5b7a1fb3b5d387c76485d9e8bd671fee9542b0c7dc4ef11f31dac1ba7b5afeca96acd280d8c2e5

504d86a8346fb0eb817f20a87995408393eec9e5e5a580716b031b0c17c08111ddab0c6771e4394cf65cca781a3888420e8633eb9459a839e5bfb01d28d282bdeafd93fe9fbe070dd46b98023960c95f0854b7577ec90067a3525625d3248b

5aa9fbc6e13437089c0b1ca9e9f223018d09fd30b074322e89f9d2d608983e4bb7353985a7b61e93cabc3646877a80c851f495d78e6b3dde01a9f1bafd302c1e65de4b8480f6ba2370c26080f68a597ff0b1ff3db6eb75f25e3654c99fe98b

4dfb40bdb16818e0e278281896aba375a6c888e09c5d60b1afc363fb169eb1c7ddb98a778972c55f59172a62d0f3c1726ef304e2b98f8408bd785ee959032b427b272f18d76af0be0e045e51b75903e6d96a5c812b36a3e3a8dd6c01ed1719

c4510fe3ebd1a2625495d27bb097619b1ddf41003978704e62f9605039c1090a9603593d88c11fd5e0ee1a7415a77eb483ff589d331a54291c01062e7521caa7c975c9c24923be7e0b5a657865ab2e11cf13161c5cfd72950ffa71cf7c328c

5bb4da4273edf5ac024624a8bb61c986867039a80c299aa91c70ddee6ef7c0f3a52c3120ff269e9874c2b48d8b92307b775b7f86d28bfaf2ea8bf20cdf17a49dc7d23546eee8b7bde9bc3a0a5b21bd986631ba47c6730542b22308526d0a74

e3ec778345425b9f259ac8a0958526d8d83e57f9035c6b2685b5dbf93f95aa8110fd3fe5b3eba24cde1ac444183fc86a5ddc822c38e11ac5b88fa58be1a5c26af8daafa6099f5a85b5fb451175a8f5551568584922d058247509bdc281a597

0ea28fbe0d977c57c80edb0119a12bf679e75e65b56ab54c0169be972885dd15f3dbebf7e6f58a53a17ebbcf97b2c5a5933ab812efe8ecb0c973563debc531935bb3d3fa9576952696d1f6b85b0ea24a96621fe2187ce4607fcf48fb47fe58

2977385750e05e861d5aeb1fddc84778d109beeed6774eacdae74d01a7b70a64a490210270ca37222052b234cdb27f9cf721b75cb45d0f4b97b95a6f97dee5cdb6a6a6ddf653b31d33e56773ec8dfa7bd7d12bbc5c6051281fe9c0aa22ed98

bb52756e4358f99df9cdb52827cf9bed65bd94d028b7940df4bca54269ce2c2bd83b5d7c4c0652ee0e12f063c86427ecad66d8950edc5d61dbfdfed82d808139541c51335c38ebf9a9e11aa7115cdc747cc4990b130489b88218db2c35a07e

0d1a6a4039f615bf29f42162ff88572b3a42c87d3fc3d8e5798689aeae3e595e137d0b0022f0b0fd47cc470099b234a2b1392e996e6515c3e6ddd548d7cdffaf79baffc8c4012dcd16ba6da2d0650d01c87a55cffa91a64eeb06ea4ecc65ef

759129ce94e33ed7e47b4ac79de7f09aff580576a08a62eb60e800d6ffe4fb9117faf1a5d9346fe8f1c90acf99a77e47e57d093a30a6b1eff00e8b7b6f16dc9161250ffa14ec29bcf8f617812c1ef051458f0f900d2ad5f209566b9e91da37

345d4753e6ef1833d70668691732db7ca40dca823e092eab06b44190b7146f59054537fe1232fe98640eea63fe5ec0d23a3dda5d5cf7b11fec5ec49393618367d7ad028bcd97326a7e6182e2c3688fcb2ec7eb045dacc4009b7a218fc247fe

111ce1022bfa364c77a2a7525e15839e5a1f0a9f2c4377eb5b062128521b3230de51eba6aa412f4c8ed717287908ecb0ab76c32249e6215417cb1ff099709644d2b18ed9e4b1672c9095d5d67ad18e98eef9a183daf53cdf8242d3d26e1199

0df3722bebe149da266b6c527a5c85b4b2b0f26a40d200fc9c7ee7dc333957aef2ca91c75f0566658099a0287a87c406b8d78821852dc97f9f4c3cec411d68df149b70939c4161856b81c3bb599d2b9367707d47c3c02221e3ec1289169fa8

0ddb2f384173c480dc07115d0749d6dfbc55234f3f241fc416d053a68f28ff5616ac922fca54f2c39a6b361941bdbbb360a3524255d53a4efde66a0a7085fa4dd59b78d533b09cee9a16dbcd3bc29257c578a4cf1cdf03e09dc4a61ea00e40

09f963f8ed5f0759964d05a72a083c90d9ef51900c73c61e9220604d25e5001ef35b6521fe7f3436f2a78441a0a453638f1132513bf5addb2956db13f576b213d4d781c058b45c16eb43dab54e67037731d54ad2e9168f38771b8b9bb629c2

80bfa32a265a7de36e01bb3cdd34b62090c4de4e0e20094c4c7c26d748506b454bba147e19cd63d9855a90a4a154b605432d9d612672e2edde5cc65706518a507cbefb62c97036fc03904b2e8bec5d18adfe72f15e69b22e657afed35cdfe4

6c397dae7c0ac783d87e37d3434fee747ff1a80dfc2a6feb3a183d8c3240de12f81f2bb6d0c40e6506044e81938f78e20bef8a1ebc4fde3eb2a34512c35f2c4c933a6712cc6f209055cc4212ed474d66f945ea37201451568e733a8ac6bede

ab8f28da7e307c57e8d73850e5cc5c3d2a219267423d6c7e3a738091d70647656e57e979d13c0e0998c833dd7fbee71f197073d02707bc7a6c8b5276afe023540e26be43ec5a9c8d1fba69e75e2ca4a6d1c7f496409dac94cc64a9d021819c

5d2ff5f5b13f60b60fb46c43d999a724506789e344e2bb40a5c93229cd22303983093e0dd849a16242c5838c2f763f616c29e1d0f40ad4d142bf34f836877f21eda5912a5411d4a653343767fe20070ef85eb7fcd4932c9d0673e0918b9561

9c546da80bd01e93358ee888288aa77749645278a8e20bca3ed122bc7b046e87037cda5974b3bc934aca8f78738d117bfc186d6e0a52a33b24ef2341a67085b84d05924dcddef8cbc0b32900e1fb84d2696fcf84700057fe0ed8cb8ebf7f20

eaab906e6eb53dbf2ff3f6a9ef19be54e8f3f2767e33c4aec29c0f6be699b75870bf5b5b96ef4f05137e81c472978c70f686bf833570148e59fa530e029f3230b87e9efe263b85094269947fbc6f88d29de6f12524432f93c0e4773a9b3270

Security at every layer

Your data is encrypted with AES-256 at rest and TLS 1.2+ in transit, hosted in secure data centers in Ashburn, Virginia, and protected by Cloudflare's global edge network. We comply with GDPR, CCPA, and never sell your data.

Certified compliant.

PCI DSS

Level 1 Compliant

GDPR

EU Data Protection

DPF

Data Privacy Framework

Encryption everywhere
TLS 1.2+ enforced on all endpoints in transit. AES-256 encryption at rest for all stored data. API keys and tokens are cryptographically hashed — never stored in plaintext.
Privacy by design
We never sell or lease your data. Information is shared only with sub-processors required to deliver our services, protected by data processing agreements and Standard Contractual Clauses.
Access controls
Role-based access controls with multi-factor authentication on all infrastructure. Vault stores sensitive documents like KYC, bank credentials, and license keys in isolated encrypted storage.
Secure infrastructure
Hosted in SOC 2 and ISO 27001 certified data centers in Ashburn, Virginia. Deployed on AWS and Akamai with Cloudflare edge protection for DDoS mitigation and WAF filtering.
Breach response
Documented incident response procedures with 72-hour breach notification as required by GDPR. Automated monitoring and alerting across all systems for real-time threat detection.
Compliance
PCI-compliant payment processing with full compliance with GDPR, CCPA, and OFAC sanctions. Identity verification required before payouts are enabled.

How we protect your data

Our security practices are designed to exceed industry standards and protect merchant data at every stage.

Encryption at Rest & Transit

TLS 1.2+ enforced on all public and private endpoints. AES-256 encryption for all data at rest. API keys and bearer tokens are cryptographically hashed — never stored in plaintext.

Vault Storage

Sensitive data including KYC/AML documents, bank credentials, and license keys are stored in Vault — our isolated encrypted document system with strict role-based access policies and audit logging.

Sub-processor Governance

All sub-processors are bound by data processing agreements with strict security and confidentiality requirements. A full list is available in our Data Processing Agreement.

Access Controls & MFA

Role-based access controls across all infrastructure. Multi-factor authentication required for all privileged access. Automated backups ensure data availability and disaster recovery.

Breach Notification

Documented incident response with 72-hour breach notification as required by GDPR. Notifications include the nature of the breach, data categories affected, consequences, and remediation measures.

Data Subject Rights

Full support for GDPR and CCPA rights — access, correction, deletion, export, restriction, and objection to processing. Contact privacy@pandabase.io to exercise your rights at any time.

Tier 1 Cloud Infrastructure

All data is hosted in secure data centers in Ashburn, Virginia on SOC 2 and ISO 27001 certified infrastructure. International data transfers are protected by Standard Contractual Clauses and EU adequacy decisions.

Edge Protection

All traffic is routed through Cloudflare's global edge network for DDoS mitigation and Web Application Firewall protection, keeping your storefronts online and secure.

Security FAQ

Common questions about our security practices. Can't find what you're looking for? Contact our security team.

Vulnerability

Disclosure Program

We believe security is a shared responsibility. Our vulnerability disclosure program awards security researchers up to $5,000 USD for responsibly reporting qualifying vulnerabilities, assessed using the CVSS scoring framework.

Discover

Find a vulnerability

Report

Send details to our team

Get rewarded

Up to $5,000 USD

Security at every layer

Certified compliant.

Encryption everywhere

Privacy by design

Access controls

Secure infrastructure

Breach response

Compliance