bae9f98b2dacbe677d0f0b5c9a45fc03707663a169ee84d2967d9a620fe26687b27fdddcd214c47db3b05730cc37578d4212f65a653f3f8ab8be97b27e1eb957528372877f6d7303c3d25723c61c4fd0b09de2e588c53df8d65ccb39d395fe

e3d220c81289be60d028768dbaf4d98e7d58b2c41697d0b61432b7874d21fac1e9a557b0b1af313e2e9cc77d3b010a3e475bb9f5f71b17937cf07d5beeb82305f1ad3e383ff303536f255ca2fc6e1c3ad6df6e83ece411d0bf04aa70190bf7

93eb80161cae6a363d8194691cc617e6a8be346a610f3b7dc756605044c9715467a46799c8d0047799fc54d1083d2591f2cd5c6a32430f9a79f6869eafe99782845cd9d7b810821b0b582cff5e02d9e7ece5cf6dd0a4132cb5c559d506ed8d

8fa6451ac2c788850c6c87d16582daaee49d841377ea5562812e4dabb28c0f758c1afa737b552b110925bae0b1e1b16a54e20fbd06de9c91cd0b2ececbda2821e4a58f35d43bd3f318c381f0c865d3e853f6ec713820658fef73962c347842

21e7a70492a1a05c047a9aca197a1ce03bd82614afa1c7b926f82fefdc497987f50aa8048aa594b70c698f8b10702ca370a404554cc0b54002c73aa9be5665aeed8627eb38c4d92862301f7c9a728ab37b469020a586b71b58c833f22f7ad4

e065750c30d291a08c7a8fefe9e92597167b0f60d819fb8fcbd9b160399d131bf42a7fd68834c88a33530b143a8c475332d2d01f7e6e6713d3f3e0915602af58bcc79c58d04daecfcb65b00b087c1882e3ceeb05a3cf7339b84323fd6d5158

40eb39e27279ac482e648d1f6a7a84f4db0285d885418a7334ddb047996797ceaa1274562ca0e1ae568f6de253f4bb1625ea1f07fa15790b4c5e23803377160a87abea2747c447c53ba8a907b1949f69e086b06fd287f1ca43f58efb0bb4f8

1cd3df15b66481bf7890a4ca657e8fe5a837a04b68faadbeb796ea178514b589136774131d30faa4d5448ad277a484f5b8202a145baf067b4b64b5fe239a88d3083345c4d2cae9e7279d1abf3c68d3e4eba72d9d4c3fffe3a176b907c70c18

721708a62cf934917c90cc3b9b85dd780129f98ff89b8783fa4782660c61a8e3f6bf2680727af0411a50103d769c0a07ca0f148bbdf5564b91c02b81dfb6e6b886bf707508b488c224272f5d453665b9365afec8d31cd4f2545573137ea049

28906d3d69667aaaeb9fb9bc04fb91b11a2b41d3a715459d442f1cbd8ac61e4e7f107293a7d4a229dbf91654a3ab79996a83b0a37c0971c04065311da94af1e89e72646521f404510b9ad255d7dd47330cf79bfbdb838d68c0e97102b26ed0

cc8f56a7d47784a00861015d803204434debbf1027ff061c539914b51ab7198ee872929a345a48c6e945146fbf98e078a03bfbf24a216a054a89deadc527a4b1d9d07115c9cde0cb85c4b0249618484ff869c0baa94400463b9e8ad3a3fd3a

07412e5c605392f4bc995cb1a0a802a03844d165cb702fe11c3ded3cae1a2b2da5eb7d2c6caa7cf2ade26e90dbf1658b482d311fe5c6d6d4d55364b2f9a023b34963774ad7ce0732a427a6c83ac9e450115f67648b62ff4c65b72059129bc8

c8abe0ebf7b39ec62206d3bdbde0fe1e7f1a324e996e1a1afe0c64b2cc745838535e11d6383c1635c5857b70b33e19910555b76214e93206aa76634bfc29e6528dae32bc34bbdc5274a945b57ffdaff7bbf61bf5bf8d5517bfdc0428ab0b1b

f58587776c3c399f1aea64377386d3906417db2b8f21b39dcdabea07d27ffc1dc65f706a16aa2162ee26d34a18217f616b2622fe59dce8b2b8cd62e557ef9240eedd51a186a0c094bfb8e021a57d3ab2cecccc9f85b44a64d1ad4e74dd5a76

ee8338b8d8d2580e92703caab89cf1984145fb101cc0fac68fadd5e8c309fc828042a845410786cc4f73260c8f9c6d286a1bcc96d369a45a279c71130813af4e4c8666c5409c8683a235f6096b18bd8539944c18857826075ef70aa30b4461

011f82982a7f0f6970043406954b4cd2e975c10d5a8471fa2b52a7a66acc311519c3c9efc252fd733114ba7cb104f0be4b4802e8376174e9b36bde371cf6b96dfef398691b0a5683bc7fc555ddd1efc09a10d2e04ff0db9425159555ae3592

22a1bd6ffea5a080c846d63a0856d30200e669d4850081e858778d2426c3d726af1227dd3e0bc8ec0e8b6e6d0065b361ab3b3a76a8c00d9309f47536c7a9cabf00c58914fd5b34585599717dfacabce6fa63ca7173b82e91dcd13b681c19f1

20474a70fbb9c41dae97f889c0f28137eb782b1b657c054be40ef7247aef72843e4b8b02ee42b3496bd95edfb20030a48ddae37ceca4b573d1c378202e27c745824222e81a8d00c6e7ec3763659c5c30886771cdb1c1cbb91f110dfd90bf97

8bbb4c03e408e9c9391784282b626179ab8887d7418d04ade8edc97a400fdcacb265aec60c8cfa822a2090bf51ad1d664575711bc48b6240918fc1a6b646c5bc3a5f7135ce2f73a217e5c77671c1145eadc63a091840e390ea4e3da1b604a7

914e71db0d9ab88a5ee3b409f2eb6bc75f536bedc6c6aa7400904e1b6dbe2817d05b3fd0efd233be43d81c37ac9a03b11d8f2617e36e4c7661da81fc7ba1b33176e25de8403671202d2ed051144ddbe257456335baf1d5a2478cfe86a5e15b

df947a9580396762fd5a638bd155ca3e90ad5610a83d40b37f76beddb72900c8d5776ee6ec1ca03f4cd4b0cd9cbe1e726096c3991400322d2f2406d7cf93aab59c3d70eef4b031098b27ad0d3365b8b61101396efc31940e3ed4f8180c0214

6e2d5c867e85db58d86060a1316ff2329f2974f1e579b0aa87e003e0e78b528c888ff058466281f05021bc4639e8ef37896bb845044ca625e98cc10eaeb5966affb90dca43a35c26beeeb4876f33b225efbbdc36ffb877092e96984f309dfc

55bfcc0b8428988c36881cd001ed0f882984f29f366d7308afe053fcb74e81fbc0aff49c93e9038d5982246f1d50ce8c27676671c70904d8854493140114a85767abfeb4b1aff5d05738d89b495682ec88bb302a2d5f771754d39d89c67f4a

eda6f72688d3eef738dd07f4eab1eb8ae6551cab061018dc740b98a06f5ea20aa08a1c574456036de80d7adf0e6bee1ec234f77d54075dc34e26ccbf5f4acbfe454c43b030420fce634f8f37b5c42a4c3a3c76a3f366b66a53d36c054082da

dd9f539e11dc6c969b9b8e44f66d176550566b68048cf406de4558d7b05324bd8d38801092695405f9b9bfc527524c0759acbc68a345f9ed4fbf8672214bf3ba9e98b1cb66ceaa499197177eecad89a331b461b63180113e92d08ed6e6d589

037bc62e23e6bd7d60b2d0f15eba2918e96f13a887c6fe0997eb512d319bc4ceb670167c69a0740cc93fa2c1508355b3148342f066e4463f28110f76fa2bea1abaca935398da2dbeb8d2a768cb46520ab3191e41bbfd228422f05efb9c98b9

db72f6b0b4ded54b80ae52cb272064af00b7ebea933096878284d4b7fd75b0d0f9a77148feeea31c771e567518306ac25ca99d31343be85aa3ad8e74f63f9079f06551de95c1096291133d879b76da55cc7275e3ff88eff03e0e5604254b2a

174f29cd5c8b0c93975aae7992b8e181f50d8747c2fda7b6356d8b61fff13aa1908e5a6ac69f6e9d8900bb540686e7b49319aa992aba44ae17d4dfbc0b0ca0de4fb4ef1d18650a249917dae8a69c13202e4710f84763382f66822653a5fb22

c6bd19038ac2c3855d171b70aa23723b84858d787e7114c0e12b79a91cbb9be2024d5cc1717a568807a5fe4fd710d4653678637ac383f3cffebe37dafab86b77c04387c79466e16b8b22916d306b2c3c575ccfe53758d9c55014296c7343dc

16da3d7507bb86cabba54091570e5dcfe7efa796dcc389ba0a7b5a9d6e609433bf9b2c179b85ab5cb1a5fad120c2d749c35e486ebc612d3e89c98333c59ab585c51ec11a6585c93d642b8f41b8b96649a2c66b18615e486b2f7eb5b0dca7c6

8ebd05f3230f38bafca68655900e2f1d9a4215fc1a8a3b8c7c59ac8ee3b1e0dc144de9d45230d5b0a530f975138e98fc5e115447b69fd8f437c95b9af011ce1453becd86d60032a89562c368c0857512e5caf465a6a351b8b9dbb30bdcc8f6

ad2fb5f41a0b84454ba42edd148cbf100ecb9e7285dd382a74da5d0d0a8ddc26f7ebc8dc0aa8b8d10f7e2553d5a7182cd05eff344a4ed6c29a4a45bc93b1392b078244b44e09810e83c0a122056a9b31b129ee6b53747e4d0b5e790b25769b

23d19c1c2a5cf7373cbc7b757985cfffb8d66274924f78870c81efa1bd973c9a422ace2fcff656e8febe4d0b7ec1fbd86f6d424d90f0c813c97ced520ccfd187bf3829632d5bbf0d901bb29845c9299543e72511f3d4daa239423200deaa04

c1b08f16817ac5c6d8fc33920fd03a8039d59e97635e322f2b13c37ffad445c9a2ec55e93e302ee709ab3bc3f317dc106b9bb5a225c4e308c8f86179e8af529a33fdd09f80f272ef2e6ba2ac8d1d105fe0634d0bf5cfa7048b487c3da9a182

0c10b0d8bfe38175ae1f4d0c7acbea79373c4f0ff6a441b48cb44a447c1ba552d9467a548f961cff7eaf5aafb1a71971b428973378aecd114445b85a72d66e0766bb619c4258df5f16f3ed68b77bbff6d166743b1348a352792632e56310a8

8ca0394f45f1413dc8c8392a938fb78212870359e397a61f0aecd4892378593a3c441134018a4597ca0620c2768ec20f839c0f34806d87d05ba6ee8b5590a5a3567542ae199121fecd1d4b21119248c3a66800e5656116d158e59328897de3

c90087808b39eab2831d599a72788e7ab1c9afc86a1f3fc1a3132a27f365107c5862d8a78da4f93dadc4670b8e20480d2b5e104a9ea77668b125b57cf60da1522a926c9a66818dc73cb113db850a1d662cdb572e91eaf249423dcbb7d6c16b

c57d4db437729498d2fb1033d2f0dcaa6c56d09cfeb72a4015efa8257526e6701b6d452285c67619c75e80dc375ac530dff89c3e65e68cf8acaa511da0aa08952e630ecf827b81768219df2a97740f63af214130b8b5a0def07957bf29cba5

a0351b017122c5948c316392936eb54e81259b019bc1a757798e4cd50b5f3a1d2b4ed086786c26c830af8273385365a01fb109a2e7b9ac4ac7079c3d2c9765c20841e400280fcd38b4a7d706ba4ab55bc1d3d27d0619e58cbfd192e9661753

d3e0be8de30fac731d6886c13b31b3785f4354ff5ae7fa2941c9069e0c6dd8ad35a364758b67b0041463542b916fbe13908c5287dff60568db05699b8142c44e034417533556aef06b233252d27f26b029f8f300c64d285336393eb57ab27a

Security at every layer

Your data is encrypted with AES-256 at rest and TLS 1.2+ in transit, hosted in secure data centers in Ashburn, Virginia, and protected by Cloudflare's global edge network. We comply with GDPR, CCPA, and never sell your data.

Certified compliant.

PCI DSS

Level 1 Compliant

GDPR

EU Data Protection

DPF

Data Privacy Framework

Encryption everywhere
TLS 1.2+ enforced on all endpoints in transit. AES-256 encryption at rest for all stored data. API keys and tokens are cryptographically hashed — never stored in plaintext.
Privacy by design
We never sell or lease your data. Information is shared only with sub-processors required to deliver our services, protected by data processing agreements and Standard Contractual Clauses.
Access controls
Role-based access controls with multi-factor authentication on all infrastructure. Vault stores sensitive documents like KYC, bank credentials, and license keys in isolated encrypted storage.
Secure infrastructure
Hosted in SOC 2 and ISO 27001 certified data centers in Ashburn, Virginia. Deployed on AWS and Akamai with Cloudflare edge protection for DDoS mitigation and WAF filtering.
Breach response
Documented incident response procedures with 72-hour breach notification as required by GDPR. Automated monitoring and alerting across all systems for real-time threat detection.
Compliance
PCI-compliant payment processing with full compliance with GDPR, CCPA, and OFAC sanctions. Identity verification required before payouts are enabled.

How we protect your data

Our security practices are designed to exceed industry standards and protect merchant data at every stage.

Encryption at Rest & Transit

TLS 1.2+ enforced on all public and private endpoints. AES-256 encryption for all data at rest. API keys and bearer tokens are cryptographically hashed — never stored in plaintext.

Vault Storage

Sensitive data including KYC/AML documents, bank credentials, and license keys are stored in Vault — our isolated encrypted document system with strict role-based access policies and audit logging.

Sub-processor Governance

All sub-processors are bound by data processing agreements with strict security and confidentiality requirements. A full list is available in our Data Processing Agreement.

Access Controls & MFA

Role-based access controls across all infrastructure. Multi-factor authentication required for all privileged access. Automated backups ensure data availability and disaster recovery.

Breach Notification

Documented incident response with 72-hour breach notification as required by GDPR. Notifications include the nature of the breach, data categories affected, consequences, and remediation measures.

Data Subject Rights

Full support for GDPR and CCPA rights — access, correction, deletion, export, restriction, and objection to processing. Contact privacy@pandabase.io to exercise your rights at any time.

Tier 1 Cloud Infrastructure

All data is hosted in secure data centers in Ashburn, Virginia on SOC 2 and ISO 27001 certified infrastructure. International data transfers are protected by Standard Contractual Clauses and EU adequacy decisions.

Edge Protection

All traffic is routed through Cloudflare's global edge network for DDoS mitigation and Web Application Firewall protection, keeping your storefronts online and secure.

Security FAQ

Common questions about our security practices. Can't find what you're looking for? Contact our security team.

Vulnerability

Disclosure Program

We believe security is a shared responsibility. Our vulnerability disclosure program awards security researchers up to $5,000 USD for responsibly reporting qualifying vulnerabilities, assessed using the CVSS scoring framework.

Discover

Find a vulnerability

Report

Send details to our team

Get rewarded

Up to $5,000 USD

Security at every layer

Certified compliant.

Encryption everywhere

Privacy by design

Access controls

Secure infrastructure

Breach response

Compliance