On Fri, Sep 02, 2016 at 11:18:43PM -0700, Aaron Wolf wrote:
> Update: I checked with Crowd Supply what they do…
> They say they simply have a form that doesn't use any JS, they
> process the form data server-side and send to stripe via Stripe's
> API, and they never store any payment data to disk so avoid any
> extra compliance burden.

Yeah, but, they have to go through the extra bureaucracy of claiming
they don't store payment data, and that their logs don't accidentally
capture it somehow (as well as making sure that never ever happens). I
imagine it's all self-enforced, but we really don't have the bandwidth
to deal with any challenges to our claims.

We can switch to that method eventually, of course, once we feel we
have the bandwidth to deal with potential complications.

Attachment: signature.asc
Description: Digital signature

Discuss mailing list

Reply via email to