We take security very seriously here at Tilt—it’s ingrained into everything that we do. We are PCI audited and PCI Level 1 certified (the most stringent level of PCI compliance available). All of our sites and APIs use SSL encryption with Forward Secrecy enabled for clients and browsers that support it. Our mobile applications use certificate pinning to secure customer data against MITM attacks. All sensitive customer data at Tilt is encrypted on AWS servers.