In addition to the security of your account information, we also treat the data you store on our services with the utmost sensitivity. A Droplet launched in a specific geographic region will stay in that region unless the customer performs an action to change datacenters. Furthermore, backups and snapshots also remain in the same region in which the associated Droplet resides to avoid any international data transfer issues.
Payment Data Security
Credit / debit card purchases for DigitalOcean services are processed by the third-party vendor Stripe. When our customers provide their credit / debit card information on our website the data is sent to Stripe, i.e., the payment data is not stored on our systems.
For PayPal transactions, DigitalOcean passes the request to PayPal and the transaction occurs directly on the PayPal website. Therefore, the payment data is not stored on our systems. Both Stripe and PayPal power online financial transactions for thousands of businesses globally, and they are compliant with PCI-DSS standards for the storage and handling of payment information.
All communications with DigitalOcean are transmitted over TLS (HTTPS) for all of our services. We provide connectivity to our customer Droplets via SSH and recommend that customers use SSH keys to securely set up their access.