Our credit card processor has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available.
All card numbers are encrypted on disk with AES-256. Decryption keys are stored on separate machines. None of DeerLab's internal servers or daemons can obtain plaintext card numbers; instead, they can only request that cards be sent to a service provider on a static whitelist.
As an extra measure of security, we secure each page within the app with Secure Sockets Layer (SSL). This cryptographic protocol is designed to provide communication security over the Internet.