We routinely update all certificates, obtain PCI compliance with third party verification, and adhere to rigorous policies within our organization to ensure the safety of your data.

Are you PCI compliant?

Yes. We are tested every 90 days by Comodo, a certified third-party ASV (Approved Scanning Vendor) under the PCI DSS. You are always free to download the verified results below.

Admin Portal PCI Summary

Platform (Front End) PCI Summary

Do you store credit cards in your database?

No. For absolute protection of your customer card data, we outsource all storage and processing to Stripe; a highly secure, respected, and well known payment processor. No card data exists anywhere on the VineSpring servers. This means if your account (or our servers) are ever compromised, there will be no cards for the attacker to steal.

When cards are saved to a customer profile in VineSpring, we send them immediately (and securely) to Stripe for processing and storage. In exchange, Stripe sends back a numeric token for the card, which we save to provide clients the ability to charge that same card in the future. Since these tokens can only be used by the merchant account owner (i.e. the winery), they are useless to an attacker.

Did this answer your question?