Trademarks and Copyrights
The LashyDoodle trademark, including logo design, all original text, and all original photography are property of LashyDoodle.
LashyDoodle takes all reasonable care to keep your data safe. The LashyDoodle.com site uses SSL, also known as Secure Sockets Layer, which is an encryption-based internet security protocol. Absolutely no financial information is EVER collected or retained by LashyDoodle.com. Current billers are PayPal and Stripe, both of which use bank-type security protocols to keep your financial information extremely safe.
Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. To accomplish this, we make use of best-in-class security tools and practices to maintain a high level of security at Stripe.
HTTPS and HSTS for secure connections
Stripe forces HTTPS for all services using TLS (SSL), including our public website and the Dashboard.
Stripe.js is served only over TLS.
Stripe’s official libraries connect to Stripe’s servers over TLS and verify TLS certificates on each connection.
We regularly audit the details of our implementation: the certificates we serve, the certificate authorities we use, and the ciphers we support. We use HSTS to ensure browsers interact with Stripe only over HTTPS. Stripe is also on the HSTS preloaded lists for both Google Chrome and Mozilla Firefox.
Encryption of sensitive data and communication
All card numbers are encrypted at rest with AES-256. Decryption keys are stored on separate machines. None of Stripe’s internal servers and daemons are able to obtain plaintext card numbers; instead, they can just request that cards be sent to a service provider on a static whitelist. Stripe’s infrastructure for storing, decrypting, and transmitting card numbers runs in separate hosting infrastructure, and doesn’t share any credentials with Stripe’s primary services (API, website, etc.).
End-to-end encryption is an important element in helping keep your data and PayPal transactions secure. Our team of security and compliance experts is dedicated to educating customers on industry standards, and implementing methods like:
Secure HTTPS connections and strong TLS configurations. When you register or log into PayPal from your computer or mobile device, we make sure it’s a secure HTTPS connection (HSTS), and a strong TLS configuration. Strong TLS configurations are the current industry standard for trusted communication channels and allow your information to transmit across the internet in a secure manner. And, only allowing HTTPS connections helps to reduce your susceptibility to some passive and active attacks.
Key pinning. We implement key pinning when you access PayPal via an iOS or Android app. When your mobile device establishes a TLS connection, key pinning ensures it connects to a true PayPal server, instead of someone posing as us.
Data protection compliance. We comply with stringent data protection requirements, while in transit and at rest, such as PCI-DSS. In addition to industry and regulatory encryption requirements, PayPal’s Information Security Policies and Controls are reviewed by independent third parties to the following industry standards and guidelines: American Institute of Certified Public Accountants SSAE16 SOC1, AT101 SOC2, Sarbanes-Oxley.
LashyDoodle uses your data primarily to satisfy orders and to learn how to make the LashyDoodle.com web site better. LashyDoodle may share data with partners who help with activities such as analytics, fulfillment, referral analysis and attribution, and staying in touch. LashyDoodle is careful to only partner with trusted companies, such as Google and Aweber. Data is collected primarily by whatever you volunteer and via cookies and referral tracking. If LashyDoodle were ever sold, data would likely transfer with any other assets. If you would like LashyDoodle to remove past data you have shared, you may simply contact LashyDoodle at any time and your request will be taken care of within two months, although partners such as Google may have more complicated requirements.