File Systems and Communication

All access to the Craftybase website is restricted to HTTPS encrypted connections. We use a 2048-bit key and score an A+ on the Qualys SSL Labs test (as of 10/2019). We frequently and consistently review our SSL configuration and make appropriate updates in the unlikely case new SSL vulnerabilities are discovered.

All data retrieval from external feeds (Etsy, Shopify, Square, PayPal, etc) is done using a unique access token over a secure connection using official APIs. We never save usernames or passwords to these services to access your feed.

Your Craftybase password is encrypted in our database using "one-way" encryption. They are never stored in the database in plaintext and are not readable by staff. Passwords do provide access to the Craftybase website so it is the responsibility of the end user to protect their password with care.

All data saved in the Cratybase databses use "at-rest" encryption. We have redundant failover databases should anything happen to the a primary server and backups are taken at hourly intervals and saved offsite. These backups are kept for a maximum of 30 days as per our privacy policy.

Employee Access

No Craftybase staff will access your business data unless required for support reasons. In cases where staff must access business data in order to perform support, we will get your explicit consent each time, except when responding to a critical security issue or suspected abuse.

When working a support issue we do our best to respect your privacy as much as possible, we only access the minimum data needed to resolve your issue and nothing more.

Finally, it's worth noting that Craftybase's staff is quite small, limiting the number of individuals who require access to provide you support.

Credit Card Safety

When you purchase a paid Craftybase subscription, your credit card data is not transmitted through nor stored on our systems. Instead, we depend on Stripe and PayPal. Stripe and PayPal are certified to PCI Service Provider Level 1, the most stringent level of certification available. Stripe's security information and PayPal's security information is available online.

Server Security

We utilise the services of ServerMania to run and operate our servers which are based in the USA. The physical data centre is SAS70 Type II and SSAE16 certified facility which is protected by numerous physical security measures including round-the-clock surveillance monitoring and biometric locks.

Contact Us

Have a question or concern? Please email us at