Security and compliance

Stash is designed with an enterprise-grade security architecture and compliance stack to provide a compliant, fraud-resistant commerce experience. Our payments gateway, cloud infrastructure, and internal security protocols ensure maximum reliability, minimal risk, and operational efficiency.

Payments gateway

• Stash utilizes PCI Service Provider Level 1 and SOC 1 & SOC 2 certified payment partners.
• Our payments partners are fully compliant with the NIST Cybersecurity Framework.
• Through tokenization, sensitive payment data is converted into secure, non-sensitive forms, ensuring safe storage and transmission.

Cloud infrastructure

• Stash leverages Cloud Armor Network Security to detect and mitigate attacks against our cloud environments in real time.
• We use an adaptive ML-based system to prevent Layer 7 DDoS attacks and dynamically protect against evolving threats.
• Our infrastructure actively mitigates the OWASP Top 10 security risks and conducts regular scans for 45+ common vulnerabilities.
• All of Stash's cloud partners maintain PCI DSS, SOC 2, and GDPR compliance standards.

Internal tooling and deployment pipeline

• Stash operates internal tooling that automatically identifies, flags, and resolves vulnerabilities and dependency risks within our codebase.
• We maintain a proactive security posture, ensuring fast remediation and minimizing risk exposure.
• Stash is committed to global compliance, regularly collaborating with legal and regulatory experts to ensure adherence to evolving geo-specific requirements.
• Stash is PCI DSS compliant, and we can provide our PCI DSS Attestation of Compliance (AOC) on request.

Trust is the foundation of player commerce

By prioritizing enterprise-grade security and compliance at every level, Stash ensures that both you and your players can operate with confidence, reliability, and peace of mind.