Security
Protecting your data and your customers' payments is our top priority. Here's how we keep TippingTags secure.
256-bit SSL Encryption
All data transmitted between your browser and our servers is protected with industry-standard TLS/SSL encryption.
PCI DSS Compliant
Payment processing through Stripe meets the highest level of PCI DSS compliance. We never store card data on our servers.
Minimal Data Collection
We collect only what we need. Team members never share personal data, and tippers don't need accounts.
Payment Security
All payments on TippingTags are processed by Stripe, a PCI Level 1 certified payment processor — the most stringent level of certification available in the payments industry. This means:
- Credit card numbers are transmitted directly to Stripe and never touch our servers
- Payment data is encrypted at rest and in transit using industry-standard protocols
- Stripe monitors transactions in real time for fraudulent activity
- Chargebacks and disputes are handled through Stripe's established processes
Authentication & Access Control
Account authentication is managed by Clerk, an enterprise-grade identity platform. Security features include:
- Multi-factor authentication (MFA) support
- Secure session management with automatic expiration
- Brute-force protection and rate limiting
- OAuth and social login support for secure sign-in
Infrastructure Security
- HTTPS everywhere: All traffic to tippingtags.com is encrypted via TLS. HTTP requests are automatically redirected to HTTPS.
- Secure hosting: Our application is hosted on modern cloud infrastructure with built-in DDoS protection, automatic scaling, and geographic redundancy.
- Database encryption: All stored data is encrypted at rest using AES-256.
- Regular updates: Dependencies and infrastructure are regularly updated to patch known vulnerabilities.
Data Privacy by Design
TippingTags was built with privacy as a core principle, not an afterthought:
- Team members never need to create accounts or share SSNs, addresses, emails, or any other personal information
- Tippers don't need to create accounts or download apps — their payment data goes directly to Stripe
- Business owners control their team's data and can request deletion at any time
- We do not use third-party advertising trackers or sell data to third parties
Responsible Disclosure
If you discover a security vulnerability in TippingTags, we ask that you report it responsibly. Please email us at support@tippingtags.com with details of the issue. We will acknowledge receipt within 48 hours and work to resolve verified vulnerabilities promptly.
Please do not publicly disclose vulnerabilities until we have had a reasonable opportunity to address them.
Questions?
If you have questions about our security practices, contact us at support@tippingtags.com.