Security and compliance

Stash is designed with an enterprise-grade security architecture and compliance stack to provide a compliant, fraud-resistant commerce experience. Our payments gateway, cloud infrastructure, and internal security protocols ensure maximum reliability, minimal risk, and operational efficiency.

Payments gateway

Stash utilizes PCI Service Provider Level 1 and SOC 1 & SOC 2 certified payment partners.
Our payments partners are fully compliant with the NIST Cybersecurity Framework.
Through tokenization, sensitive payment data is converted into secure, non-sensitive forms, ensuring safe storage and transmission.

Cloud infrastructure

Stash leverages Cloud Armor Network Security to detect and mitigate attacks against our cloud environments in real time.
We use an adaptive ML-based system to prevent Layer 7 DDoS attacks and dynamically protect against evolving threats.
Our infrastructure actively mitigates the OWASP Top 10 security risks and conducts regular scans for 45+ common vulnerabilities.
All of Stash’s cloud partners maintain PCI DSS, SOC 2, and GDPR compliance standards.

Internal tooling and deployment pipeline

Stash operates internal tooling that automatically identifies, flags, and resolves vulnerabilities and dependency risks within our codebase.
We maintain a proactive security posture, ensuring fast remediation and minimizing risk exposure.
Stash is committed to global compliance, regularly collaborating with legal and regulatory experts to ensure adherence to evolving geo-specific requirements.
Stash is PCI DSS compliant, and we can provide our PCI DSS Attestation of Compliance (AOC) on request.

Trust is the foundation of player commerce

By prioritizing enterprise-grade security and compliance at every level, Stash ensures that both you and your players can operate with confidence, reliability, and peace of mind.