e498382ae791ef962fb783d8d4c1e110845b225c6e4df026db3eadb050ccd612ae237d1812e3fafa534fbfbba2bf32484bad303ccdefd89561faf6a29fc3c338eb9bf784a208813db061736ca62a869ac09a7d78e09bd1d7a330d40b9776bb

f5bf902e95bd07a81a1e4fe11f999e37628e7476203443b9da0e85fba90d1672f7eae611a3b3afa7aba15d414f0b7203de94db72d05b17d43a7e44786b090f4f59646a49c8bb434a59994083250c44c39e5275d8ffcdfcced63319587b5bb3

0c1278fb1987a163e68b4ee9cd6b54fc666cacf7309b560219bef28ce39b67988f7c350ed6cbf6e605b6d81faf44d9074c3f393b09465a182f7af85cf9aec110d30349d5a5db3ade6f5543cfbb726d68ee262cabfe8dd6abac7f94e14385f6

31549457352652a461f3a97186ac1ed69f0f972b11fec4efee4fa4041b3fc9c8a2f2632a305a143f3827f99bd49b7673c2f1172c8ee4423b8ca4cd02c41748c62cf914e8a9fe781980d12e5c99edff4da72be41bcddd207a8670376789ae1e

c4d28a9a03d7297a89b938a81f403293a7fb942bcc479d7b0d99b67ce5de6edcb7ad9bbbe26f8145eac2025d094ae87ab1f6a53d0a78ba0ba00ee27c798b2f2f09b19e7b05ea958784aaf3a22bcd70499da37c196e403b47e16bc081f392d3

139a4e86c771475bac8508cab06a1d62a281dccd567f8e0cc5a2edd9494cdbc9a7c7dd6b5d61c4e53dd909322a91b46bcbd80a390280ac3fa0a3fcb5fe799bb2fc488e4d7df8290eefaa831eb1bb4204e673f786a6f323c8172d57997ab1a6

456b1ae63e3ac00362340086a846a8543369b6bf01c26479d71a034205dd94493498f415f4c98068406984858f242c815158e0a5c4aa21c1cef7319605557c8fcc5bf84e0d376635ba8aebb45ff86010dd0c825e0fe9b3525924a577e21aaa

b686985b38bbd8215b885d511fbaa436095c12b57fa07a7961676ad537367d3aed165ea4dbe7f1fc6a7f1ddcec337270d6042d17b9661eb1da61cba1ea0ccf3695aa5682c8f0524d11e16aa8865ba813936a4011bb5bfcef2a074f1b137183

1a762bc5156cdbe51c65efaa84cb322b4b1e5e56a97a3887081a6334c7733c8cd5446bfb9abfa0984f258a83657f4715539fadbd258bbb03f297339331808fcbe8c0ea42a437b1408a20901fc3851db4f37624a19fc6ed9e0686d922e683f2

5f75c2b79bb92546c81569e183dd438b6aeb60c83450683afbb4b65346ff75db49135ec91c1f4c8fed30081000047a98ac28c56a7f6e6e0cc32581041cbf83bbab4179d5ba8f2bdc7f0a6143a43a07067533178c564d865c257787f47df83a

2467589db1a72e6c210cef7495dfbd5f968d9fe43c15ee7cdd1fdaadb1e99d6bdb4de56ddae3fe0fc6f50be41dd1d3effa3ef7eb412dd7c2769ba07430802eb4ca7d84c6c5a4546d92c91deccef25952323ad7b7f1508868a47ec9bee44a66

6dcbe7365d4c8762d8fac426ba3a83164a419a63a08a2fce6c66420edcef67d79fff1eac886725337d82ed688faafc8aa5ba194ab0a6bd8e6dcaee2826da05c53e43a53dcd91f2195ed67d9bf3d013a76e3c9a4536fd070bec256c4801d450

16f0f0b683e8020fc3a29cae6de3b699835bdb11d2c449bc5c3aa8696c50f0e2566501a3872ce73e9f9181975da9fbdb64085ae99d368036c1573317f4c6c1f62541e49d0c752577e676aa4d2f62292c6a2d1c20019a5cc8dfbdf3e3825cec

9c0205f96a4cce1e5b9e299d86c18e3aafaf96d1372304574d621f7625294558c61f1414cec2ad09a330948113eb4be75cc603ab4f2ade3f3dcd57f8f1512a3bd54b4600b8e7fb88d62cc658ef2248df81fb463a579960fd2eeeec5955ffe8

c4980c8562b355d8a20dcb3c2d05c31f141ce79ad3a35c1b438041a759060f6a137d34020794a63c13695d6a732d265a1d55d3814efb41c481519d906e422ded8a73dc1270ef81492c139dacd85b08551598fddea8f3e7a3c4013efe2e314d

5b638d9a616a0d21bc257d81486e598cbd52effba5e78a660672dd3a53ffc862c4314761ee2d7905a9788182c78c17542e8a64ea19b3ea939f62aa8262a4187435fd40be1f7c43ba8d3b68d5406da68b26b8da48e59c18bb697dd40a313a47

0cc5cbf65bee1898d06ef5dcc1be02097afcdd59cf00a9be64c6a2adadaf424c7d83bfbcebf6f1c0a6087b779a2ee323e21984e72809e99f79527a7af3e538012d6f9d83e23adf730388560a40b84d109de62027194868cc0d9a412ed6af66

0c248894a4a086c8ce8464bc8a65f55f179dfc816c9665536b36a9cd551bf98165d5b42960de222512745b7461a4b666f4855c43e81e81949a549e2609d487ff5e0ac0e0b8e0a352caaf7c112ba16ff6fc3c32a0c4c7e353c0aff2e6079f8c

596229ef2051745cb6deec3612a4e8a7f94950ba9e32491b6bb3add039719fb655ff5af95da44d82d1bc07429a2987807d28006a2997986bf9dd20491b4cf5d81e3e7c1f76fc2e9b2cdb1a1072f3d454fbcffc1cd8981f3c840c9e0f817c0a

7c725b25a42d9b75c85f0279f47429e83121c98fede951bc2991231dcd79642857ad71ee3eb28178f401e27e4d09561f661638ba70ca001e6495806caa8558fe5a70fafda18a7978b07217b2a101cf2cdc663f035ef37665bd266740396bcc

a3a8e5cdfc3ff7f7d6ec968dad62f8db4b6b4473d354a62dff7504dd54e5dc1d91341582505241d6fbaec4b2952a31c3113b4dbb79074549c44104d47274a3e3dedddfc7d88d46f1062143869f170e8664c66bdf779563aed877603b87d528

44b37ec6f6937e8ea5ccdacbd56a4ee03f847f042878fd9b9b65efe174144cd74e55eeb6a8c281c97d1dc60ee5461764514cc2cd64ab9c6591f786dd8b08aa0cb600a4087e89086eb3bad25843883e61c4e50d401abb607aad479dbb516648

c5bbf2a95d1025b073d7241057d905b78a1e0247a599d695bb5451da712ec62e6b576eea84c1f33d7a6d5b3d82f6981142671020529977202b1238717664e30b2e2c05c7f237f900864ae22dd1612333273062ca7fb2cb1e9bbda2ffbf11ba

3082aaab1def79542424b1a8d7bd657be1a484a5907dbf5d2c9bd818e173950bb7dbd7b1d4f7d2652850d6ca4f9fc4d2d051d29ad474e354de6805df7ff42bdd51c6a27b352adec4da15785eac00c1c09f686e93ba454155395f42d77ba0e8

2a566462939aeec4a9b50d5801486fe5f096d61f12899c210f481178b53bad50bef6a38852084616db8c5c26b91359aa0f89781eb3f7bb7009b378bb2cc1a7c6c07222c1f9d8508d0382fe7d0138340c9a86869e9e2cde469b4ed131e58aaf

515686456330e012ef581ea347d4022e674533fd991d450c90008c41fc102460a7f9c79d1facdb3553bd7b9d9d49d6c16dea26655abf5d3b4d6393ada14a4e8549093d0510752eea500228ab3286238f8353c1b4c319c474fae0c9dc67fb51

84a869c2967abd8b27d4b7af9254ec107e0db67c49fb88f8915ab322cbbfdde14affe6a77953aa1ae32bde7ad2627ff08afa530b9e5063b658d33ebeaaf2b834b6dce2139f9b3aa6691fe09f02cda7725ab04ff858f8409677c40004a5031f

15d2a2071bb47f52c8c278368adf5f3ffb7e4ecb7002ed08b67b34fb8e8bb7962fbdb2d03ab8d7ec5b83a3f3a73b84e3c3f3261d05f4bc7e49504a3a79066c7b691b695d1c30f52150ced5fe0810b14b38818088f13174dc6aa5c85431be2b

ad12ec64ea381563857e7505246e22e572940dbe10e85245e5cd90878997e4d494cdf5bc0876172fa9b61d8bcd0be65541045e266f1d364eb098d5f998b18ecb0b2fcb03dd3f99a844df5211b61e8e39eb4c0398782056ed4d985494a06a97

107e9e5843b5d8cba914a5baaf14d506c130915f0feaba633bf26a15df1e426fe7383ad3cd7b3d42b91ba814c621a0dc27765ee506ba921adaf3e5534780650bef4acf0fe6b2f61f84b194867d299e5ddffe715a30b71ccd2cb94a56afa692

8dd0d672a7b734d02088d5c2ada2c84fe0b1a892b055da3db779ea129b43b11f451b7bdb14eace7e9f3b72865f0a14d27c78e688854c2c1454d21af52e0530dfe3de9885022f0491115fd4d4a7b06f957d5d44e65cd752ad3ec3b5b49f94f4

dd50502a062fefc53d82c51c307b8faad9ed552f732c3ec8bc5c7d665a16f0f1256b8d81dc683158bb36d57d30c6dad2c0f4527bb1ef01b23e9d28bda079d169b31c089b662050a9abaeecbc82db97ad2930afea4bc114bb19a971a1d2e93f

0cd9c5b6f060315e3313b6b76e7b7217621f573740b45e2226b810d061130156f756087cdabf83d4ed6555859c40def0de920a2837ba499ca00af5e1a52ab1db9e3a67d04b941cea9f49c8645aa113f68f752d98f8fb045f06f0dbcf7c2191

24f2d61a52bf126bfb53d132fb0d44594d07b985977d009e25246ff00e798d4d4034a65f4a967e23ab147bf8ad36594302e9db9fb69f153b0c0f653b73c267ca9f51497a33764a59359bec390f29186c1f4fea51aba8bf0624c71164c81406

fe9b2afc4b7bba0b1388a38cc2e738734f4c89ba10593bd3500917c256a91778359513e435c9d1272b2ee4b049b187a093e4b4ef89737d357c707aaa8feca930f6a9461ac9d12dfeda6ebc137acfb834f45a3bb4bd4a16069494a72e4f5e8b

3f1a8848bd7aa0cf5e1e2b2798786d0d751db60dec8bbe9b6375866cff92990370285675130b11f71d73544df581f555eb400eda20cfa3e05a07e856645789446c4e05723a9bef9740f5b1324b5bcc8e96633db2250b82c6ab0ce533728941

a90ae47a3896c4811759a24e2bfc2144f1ed621f12c67b117df9bcfb2abd0ce921cff878890655f86f605c9e2934a37ffe6d2b22f430ae338c0f3475e71627d53a67c7f57fbb841e2b70b9f410cfb474110292d42edf8793a66d20080be6fc

30358290b383f2e59f9c1bd408a6fbad5dee40411265b7d4cf3cbeb524af75ac348029dbaa8177dd74018e7092aaf210fcde88f5bd312faa3a23678c6e0a4a784d627f9cff545f08ec5898dc69a56dc4ed5322270c4e6830c1a28f0c3af59c

2b33300bb279c464aa37ae4ffd811265cae63f61cfb49914bac093eb580b55517e36fcff3f03b9f71a5c3f9ac0fe4ae8d3d77608bc1f310eabbd0a2cf41eaa7efe1b5ef282ab152221f68123f0b4b552b06beded9338fd4876bb910a037c87

5fb7e3c9064707c980e3e4a7058f1c966ce5f38a9e4a3a1b9dd57b4b1459c7c487f818ef9518cf3594e391e0d50e5ee4fd68500d93b3851cb450843d56032752117598a0d72465c37dfc226d53df176a0d86b13ccc13d7660997e2d2736d69

Security at every layer

Your data is encrypted with AES-256 at rest and TLS 1.2+ in transit, hosted in secure data centers in Ashburn, Virginia, and protected by Cloudflare's global edge network. We comply with GDPR, CCPA, and never sell your data.

Certified compliant.

PCI DSS

Level 1 Compliant

GDPR

EU Data Protection

DPF

Data Privacy Framework

Encryption everywhere
TLS 1.2+ enforced on all endpoints in transit. AES-256 encryption at rest for all stored data. API keys and tokens are cryptographically hashed — never stored in plaintext.
Privacy by design
We never sell or lease your data. Information is shared only with sub-processors required to deliver our services, protected by data processing agreements and Standard Contractual Clauses.
Access controls
Role-based access controls with multi-factor authentication on all infrastructure. Vault stores sensitive documents like KYC, bank credentials, and license keys in isolated encrypted storage.
Secure infrastructure
Hosted in SOC 2 and ISO 27001 certified data centers in Ashburn, Virginia. Deployed on AWS and Akamai with Cloudflare edge protection for DDoS mitigation and WAF filtering.
Breach response
Documented incident response procedures with 72-hour breach notification as required by GDPR. Automated monitoring and alerting across all systems for real-time threat detection.
Compliance
PCI-compliant payment processing with full compliance with GDPR, CCPA, and OFAC sanctions. Identity verification required before payouts are enabled.

How we protect your data

Our security practices are designed to exceed industry standards and protect merchant data at every stage.

Encryption at Rest & Transit

TLS 1.2+ enforced on all public and private endpoints. AES-256 encryption for all data at rest. API keys and bearer tokens are cryptographically hashed — never stored in plaintext.

Vault Storage

Sensitive data including KYC/AML documents, bank credentials, and license keys are stored in Vault — our isolated encrypted document system with strict role-based access policies and audit logging.

Sub-processor Governance

All sub-processors are bound by data processing agreements with strict security and confidentiality requirements. A full list is available in our Data Processing Agreement.

Access Controls & MFA

Role-based access controls across all infrastructure. Multi-factor authentication required for all privileged access. Automated backups ensure data availability and disaster recovery.

Breach Notification

Documented incident response with 72-hour breach notification as required by GDPR. Notifications include the nature of the breach, data categories affected, consequences, and remediation measures.

Data Subject Rights

Full support for GDPR and CCPA rights — access, correction, deletion, export, restriction, and objection to processing. Contact privacy@pandabase.io to exercise your rights at any time.

Tier 1 Cloud Infrastructure

All data is hosted in secure data centers in Ashburn, Virginia on SOC 2 and ISO 27001 certified infrastructure. International data transfers are protected by Standard Contractual Clauses and EU adequacy decisions.

Edge Protection

All traffic is routed through Cloudflare's global edge network for DDoS mitigation and Web Application Firewall protection, keeping your storefronts online and secure.

Security FAQ

Common questions about our security practices. Can't find what you're looking for? Contact our security team.

Vulnerability

Disclosure Program

We believe security is a shared responsibility. Our vulnerability disclosure program awards security researchers up to $5,000 USD for responsibly reporting qualifying vulnerabilities, assessed using the CVSS scoring framework.

Discover

Find a vulnerability

Report

Send details to our team

Get rewarded

Up to $5,000 USD

Security at every layer

Certified compliant.

Encryption everywhere

Privacy by design

Access controls

Secure infrastructure

Breach response

Compliance