Last updated: 23 May 2026
We take the security of your data and your customers' data seriously. Here's a plain-English overview of how Stubmatic protects your information.
All traffic to and from Stubmatic is encrypted using HTTPS with TLS. SSL certificates are issued and automatically renewed via Let's Encrypt, so your connection is always secure.
Stubmatic is hosted on DigitalOcean's London data centre. Your data stays in the UK and is subject to UK and EU data protection standards.
Our server runs an active firewall that restricts access to only the ports required to serve the application. All other ports are blocked by default.
Passwords are hashed using bcrypt before being stored. This means we never hold your password in plain text — not even we can read it. If you forget your password, it cannot be retrieved, only reset.
Stubmatic does not store or process card numbers. All payments are handled directly by Stripe, a PCI-DSS Level 1 certified payment processor. Card details are entered directly into Stripe's secure environment and never pass through our servers.
Automated server backups are taken regularly via DigitalOcean. In the event of a serious issue, we can restore the platform from a recent backup to minimise data loss.
Access to the production server is restricted to authorised personnel only, using SSH key authentication. Password-based SSH access is disabled.
If you believe you have found a security vulnerability in Stubmatic, please contact us at hello@stubmatic.io and we will investigate promptly.
See also: Privacy Policy · Terms & Conditions