We try to make our site as secure as we can—we want to protect both your privacy and our business.
- This catalog site is a static HTML site with no direct backend, and as such no app server attack vectors.
- We do not store your password for downloads. The download fulfillment system is managed by SendOwl.com
- We do not store credit card data in our systems, nor does credit card data pass through them. Instead, your details are sent directly from your browser to our highly secure payment gateway (Braintree, PayPal, and/or Stripe).
- Our credit card processing is PCI compliant.
We’d Appreciate Your Help!
We encourage anyone who finds a potential security problem in our site to contact us. We’ll respond as soon as we receive the report. We’d love to acknowledge your contribution below.
email: security@pragprog.com
Security Hall of Fame
Thanks to the following security researchers who helped us fix some potential vulnerabilities.