Security is one of the biggest considerations in everything we do. If you have any questions or encounter any problem please email us


PCI Compliant

Our payment systems have been audited by a PCI-certified auditor, and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available.



All card numbers are encrypted on disk with AES-256. Decryption keys are stored on separate machines. None of OneFitStop's internal servers and daemons are able to obtain plaintext card numbers; instead, they can just request that cards be sent to a service provider on a static whitelist. OneFitStop's infrastructure for storing, decrypting, and transmitting card numbers runs in separate hosting infrastructure, and doesn't share any credentials with OneFitStop's primary services (API, website, etc.).

Have more questions? Submit a request