ba9cd138372e1caeba6b24395d663709952cc689bb1a638987dcbb97d24b124be934418dffd46dc46a9e3a5f24a43cdf538a3f9b076d569ddd51129de02885960c38f6482b440a3b4dd13a338c618e82c5f6707d4c07e438abe262fdca5645

95ea5807dd3b77c77d9ca234adb0ab4c252a9b1f1b842e3b4f1543621643d924cc9da8452a820ad1c559527e33bb70965d96c098d68565c6ecd9ac85dd62ac0d62ab33e8cd6f0139ed72341301d787379b71028e34cf4937f5834a4b6eefa3

0a97b4c3c0bb5ab2840aa2159f99ec9dc217792b669d6c6bd814f0325df6ff6f561c99b45ebdfc4d1101cbafafcae94995e0767d55150592f7cb56ac1dfdfa3e0eb56a43add0e31e07fe9a6b9825aeee45065cc5e8647d1454e88becdc1629

8bd35e95a9f0365bf4b75d31f0134e3a67c47628daf93a3f682f62e12b171ad41302fadc41a8c47eba87759fa089c89d75cdd2e1ac2dff41b0098e5fd04254d260a5379a9a0ebc9a3dd91298f351628da07a16fef1d054d2cf234498a316a1

4e5cc861c117bf27207ca8b918ca6be297daa657dceee8100f06145dfea3e20c7a7b2a0dfb6ee669ec1f49d766349621ae3924b3b411c475c3ca02fc48b8edc652dadc1fa2f97ab71850e98d8cf2a99330477bc22f5c7c7513299980b9f5b7

690f467862def882c51cdf240373438451ccf695595bf20b7ed7618b79f0835c56794740508b07f07b206c2663a9adbaa7cd64834a1e794280190dec28566ce96722b483097d37f17a9f80aa35209b89d31a39c9f2ab894442696c250532c0

8556d13738f546aead69f58818f9fae2fa2bea9a024e887ee46199424f2611c7a3eb7f0926aa48cc11866b98e54061fb3e49f5fc77c9a3fb62881b7be1c3d8eb4e05856d4f897dbef52c40499334603b6d889cc9c5425a314a01843da4cb79

8960ad0bf8ec0593eeca5e89ca708b643b9b6d54d181d99e6ea1197915d1dcc2d87a76a7f1ff71bac86c8e2fc15023000fd1773bb8d782f9dbcbdc4d9439f6ceb59460e554ba756b6d53759ca886bf7077ca6e7c83f468c313817aa25a9940

17eccdb5102bc00805618363392c145f2be7a7ee2c30f939b47d3a6b6d74b8622ef06429c6d2c24130bce45acaa72de435f83ce066027b28e570b85a80f217d473437da808d64b27c7852b4f233fc774e7a009102b1c2c980c2d3fe68a6401

ccff48a14312f9760670b54c80419d530718ab654d09c247d5e9e6ffdc75e414f17b02265b65e610fcb3f3e77ff6ec30cb076a60a2a6bc1b1acc32a7cd895ae5ea82d7592d2cb020d40a33519506cf332949883dd72cc8f990a247e56d9467

1228ca6ea7169eae5cdc9ac904f3df8cd99ab7d1d42bfac33b7f6e3d9fd073559ac1ffb6ccb1d626e4d094b8b39e8e73425de8f5cddc546701e69d2ddb6385c8ec7d8c939f1e1b52f14cec06dcb15d5bb9033c3d9d1a126cdc9c90363d588f

53c614b6303685660194fe28404b84e9b1903121c94ee2293e32797b0d2e515a3d7162338c19bd6efa7b85e7b99c376f55648b99d5efe193307d565e68a3861aad33c6117f52b29e58de4178a5bbabad71f9a3e1c69031c0fd2358245459b6

40b398e5d9d13117c81bea6bba9a081e827d48394c98afb42e2d58fa4f13177edb3e4bc8b733a4c214bd28aa7dd53d33378623118d1b3cd30d9304a3277f78576b324eb80fb84599c60b34df0db4cea56d9dcb62e7c32f47134b9b4a7613fe

e72b07981e2f43673ab42c3b8b6d1c218b55971b63d6b98f9cf569d6ec31a41f2110269a5907e4504a802e1f38133d0f3dc782414d77383d95f2a1b9f845d4c4afc93d415a03dd8dac806b716f0e89388ed706c2432297cc8dc8bf6b826f49

0e0dd921103185bfd7a5160ac755593d5c18e25d575072efb359d4603de957c07ab20eb6237f3d231012a29ed0dce518cd492c80a2b1bf0ae26578b4b59035f226c01fb6e3dd6975aadd4127825cdb5fb516f6453cc5a53bbb0f44bfc84dfa

13528f5df6b4bae3a15884f57e2c52670f6072f6b9bfb17cd3c746377729a9e0c1fc767750d133f3be6a5707523cb69c01271f100e4bce455b5df0f53f88db28839da8390c6455aa36fb6346890b526f320b583525587623da1220af5ff42a

6754e73b5d95a797f1c1afc01429b84bd799e373d9180432425bd308666d568a0cc9364304579eb72722f8066435678cf5ca318fd8ed9c731c8ece9c702dc83c2a6dd45151fff656d6902d12b150bf01cf87b3086877d224e260732898a1e3

64d86ae08bc4a548d41f2359eb71601387b6fcc91f10b24072327fdd14dbef17b9d82594627aa581adf42cd1f8476ecd69ca02bafd9cc980d49ef31dd3882e670ee63299450e551b8a00b024f3b9eddaa089f0c97a76e0d5bbbd602c4bd45b

4bbebd41a181e2c86621dac7f09b9cd0f8d2a2c527d3fe0928acf5a08be23be571aacf469186bc0cc993f968f9990c37afb5c290bf381cd3747995fb5a690659dea28290c72a319f9834b552e445cdbd499b0f1bc3542200ab22e2ea2f01e7

a779530f28c84a8daac47d328d27cce306d878bfed3f06d059922fbebbecedd33d3b46dfe3cf741e1fbd921b88b1997e1ccc8ae629f0dc8ca74555083fca49d4c6200233e114814e42ec3c6000cc5faf2818dab0d166859622a98964152a31

16cf83ad23bdba4e3f04131106c5022c061d934b021bcde98158cc74602fee44c03f4852ec9de5ded2c09dd7a7e2728da51b46f48517ae6008bd70030dc06b206e12b00f9eca4b470a70a7380de5350de9d25367a186f748e0f986a459c5fb

88bd8017101fac483adec06bc3c5711f39eb64ca8e4a2d0e3b9385124e7d357d0a400debf4a8a4927d9d2a0fd8c96bd7c65cfff2202b40db303206e2288bdc643d737357d563f05fced1d36e165c6bc0cdc7aefc63795d3c94bb71989dac06

dbbb955c045d2d6d61cfee20b1433f2de976f983d3456dcf1ffef7f1814873aaab1fff1d31f58fab6b22285ab95de71f55528740487a3f6dff2dd86ec30899fd1e2082c9b55316710ac8a2664074d27cd4470fabd1f0f28fce55f8532fd33a

58ca4e00cf80f43b4134b0b82b30ad36bd05c74787ecf8ee2063e32b97128fcc14ac5d18a28bdaae3958522860db1fb3791abe2ed49a75fb562e386702056f882a8e0cbf32140a9c79a9daf3ed0273e7e2c9288c7bc3d2b8a913933b9cc35d

39de417f9ada209294ea5e663e239479e7d57121b09cfdd7f6a2542b601dca371246c75486b09227bc27e8f77e774669448d4cc97cbd5fdb97471bfe14bb07e21cef4d23f7005f1ba421c03faff05340b7469b868b6a72092cb576caac90e7

b684f4c95b4fc6a8f15421da40969029922423dae8973e51bdbb0bedee55cfd4cf15af59256712612d796a71e9dc931b25889bd7d5ddba8fdec9e3ce16f8e9a7665a64d91e4d91fafd4ed433a517164f499419f2c1339da05d19d29238105b

63fda6cc2aa29b57fffa6adb0a4b7a346714f8114ba2e40e6247064acf42f487a93ad50014965b6c58c1d4fbeea111115a4b6f913bcb59d3297e16b3ff30021e37bf999239daa8f8155b7c25e39a32a889d411c9252f8b72611a179c11369a

3e0e8a53550f616d7f1eb55ae997e23794471414818e6e50d0f1fbf6968eaf6a316eb9cbaf12ffc6d7b638972aec954c2bae6023fe102f66870ba99e9af64d442b8c9d4e7cc58cdddce658842662ff43b607955b09dce407f266956d2dd675

66ff0b7619d53696be99203a64aafeb958c75082c0839caac964059227ea65b9cdcb6582bbed1410ed89592526acbfbfadbf763315ab81f8a20e47ba93df24eb4393e2284f9c32f6299d856a86ce239d3551bd05c4959ef93a17835f6077d1

1999c7ca13fa8eff55ac816aab951b2a5b598ad45b5efca32ebb02609980e0e1ff1f8213317be70bb08aec7c85403ae8bc249fda957fddd68873f0995609471740ac5dc6e9e77e307880ef2c3f819a456a36351cd24494b1dc96610e4b2b94

0ccf3b56baf2b34687b9bb3e72e71e400e3a31750523e2d619b6f192f451cb42e57e1d9cc5d98a34d6a706de7c45dac83d8128d6918339e3bdc61c95a1f54517b3fd8008ebbadd0172b84a665bec691dd2cadb37f9f4cf6248c754528ecc92

0557b90948bab524dba13e259bf213d6d803c55b18d3225f4f1ea0cb2f8e871f01854d0fb3eb9899072157fb2d10e6075385f618a1b2031c92d5a76447b22dfc030cebb6b58bead896b8b05c13707804d8a6b3c782c5968f1834354abf0695

0ab7b93fe186129f535c9bf98c46b4cf2e9dddcf0bd9439d5f74a7e53b409376a24f0484c81e39d3c3e8200ba0551aa9df117c659604c9e6a9fe9ca4e58093c0ef15d7d9c2710549d783e3dd7a747bc99941c2e87b6a85bae1f02e2bc91e13

c873854d4ba192a518824451ffb0baefa439f9d3adb19be318affa8b9326f0300c99034f1960506f6a04703f774e82e556061bbe1a5ae329fcbdc970d4d26895f45f7adcb06724ed584d6030e7eabb557c221c16788a9d5342c5eefcb3dc05

c9b3290f5f2c316da8b771446dcbf8e0bc5ede1def819603be2128fc5214a6e23f5284ec3623ef580ddb074ba835f4b7e25329bbbaeccb92c1dd3b0f90cc299a46e8a099241dc5b10c9780eae7375d036ce4f2fa8379e230fc9285c1d11321

28ae58358e6da41c4714be0154e33c1544a34dfda4d799ad25a5ddc159055227a750de89aa5ed10e142fde4e417edb169d79dd293e057f5ab5045285faeebb9e4c0522c11b12c4b26ed61d213d3c0a996ef58c5f1c019e26a5884c14ae6cdb

a12a4c32de7c41ede62b11b51bdeb055da4ce49bc659d5192d1901a8137bc70e729bed8ada1108c10f263a347f8e3836451c62bc79d4b58075082a8492ef38b1387bca5b2bccbc61f82dbbbdf50fe8aad6a0730654f41f260e4d7b0482e660

bc4fff58c9e31db2d9b43ca4befb2ec13528e55a4566f4085dcbe84ef05d79040447577985b1df75e7ec8a4cbd387d798e190cb917f11118794b07aee46c56b907abfc49f7ddc8f840321c8fafdc1e528b92a4e6338e6dc79acfa0e4ec1179

94ef20d5d7e9103a28d1c71665e9a7cdf2ea8f6499a3dddd912c254b956f054923bb6832b60731a371d9e5ce436255017f4e2436eaa11caf266ffd488fe14a88cdb0854d3ab5496147192803cb311c587fdd6290746f2375335ac171d13da8

261fc42083b89625c466b409049fc02582785251f767922df181cfaee55238a7f09f169bf646335412acd3f9509e4757737d3f9de7a9de15d6b83e3ed18a548a2be7157ae5d79def6a2133506b91d817f9f8b05a001167f966787b80d675e7

Security at every layer

Your data is encrypted with AES-256 at rest and TLS 1.2+ in transit, hosted in secure data centers in Ashburn, Virginia, and protected by Cloudflare's global edge network. We comply with GDPR, CCPA, and never sell your data.

Certified compliant.

PCI DSS

Level 1 Compliant

GDPR

EU Data Protection

DPF

Data Privacy Framework

Encryption everywhere
TLS 1.2+ enforced on all endpoints in transit. AES-256 encryption at rest for all stored data. API keys and tokens are cryptographically hashed — never stored in plaintext.
Privacy by design
We never sell or lease your data. Information is shared only with sub-processors required to deliver our services, protected by data processing agreements and Standard Contractual Clauses.
Access controls
Role-based access controls with multi-factor authentication on all infrastructure. Vault stores sensitive documents like KYC, bank credentials, and license keys in isolated encrypted storage.
Secure infrastructure
Hosted in SOC 2 and ISO 27001 certified data centers in Ashburn, Virginia. Deployed on AWS and Akamai with Cloudflare edge protection for DDoS mitigation and WAF filtering.
Breach response
Documented incident response procedures with 72-hour breach notification as required by GDPR. Automated monitoring and alerting across all systems for real-time threat detection.
Compliance
PCI-compliant payment processing with full compliance with GDPR, CCPA, and OFAC sanctions. Identity verification required before payouts are enabled.

How we protect your data

Our security practices are designed to exceed industry standards and protect merchant data at every stage.

Encryption at Rest & Transit

TLS 1.2+ enforced on all public and private endpoints. AES-256 encryption for all data at rest. API keys and bearer tokens are cryptographically hashed — never stored in plaintext.

Vault Storage

Sensitive data including KYC/AML documents, bank credentials, and license keys are stored in Vault — our isolated encrypted document system with strict role-based access policies and audit logging.

Sub-processor Governance

All sub-processors are bound by data processing agreements with strict security and confidentiality requirements. A full list is available in our Data Processing Agreement.

Access Controls & MFA

Role-based access controls across all infrastructure. Multi-factor authentication required for all privileged access. Automated backups ensure data availability and disaster recovery.

Breach Notification

Documented incident response with 72-hour breach notification as required by GDPR. Notifications include the nature of the breach, data categories affected, consequences, and remediation measures.

Data Subject Rights

Full support for GDPR and CCPA rights — access, correction, deletion, export, restriction, and objection to processing. Contact privacy@pandabase.io to exercise your rights at any time.

Tier 1 Cloud Infrastructure

All data is hosted in secure data centers in Ashburn, Virginia on SOC 2 and ISO 27001 certified infrastructure. International data transfers are protected by Standard Contractual Clauses and EU adequacy decisions.

Edge Protection

All traffic is routed through Cloudflare's global edge network for DDoS mitigation and Web Application Firewall protection, keeping your storefronts online and secure.

Security FAQ

Common questions about our security practices. Can't find what you're looking for? Contact our security team.

Vulnerability

Disclosure Program

We believe security is a shared responsibility. Our vulnerability disclosure program awards security researchers up to $5,000 USD for responsibly reporting qualifying vulnerabilities, assessed using the CVSS scoring framework.

Discover

Find a vulnerability

Report

Send details to our team

Get rewarded

Up to $5,000 USD

Security at every layer

Certified compliant.

Encryption everywhere

Privacy by design

Access controls

Secure infrastructure

Breach response

Compliance