BANK ACCOUNT NUMBERS
• Gig Wage never stores account numbers
• Gig Wage employees must take specific action to see any single account number to facilitate end user support
• Account numbers are redacted from server logs of user requests when the information is submitted
• If an error occurs and an exception report is generated, account numbers are redacted from the report
• Account numbers are only ever ephemerally stored in memory for the duration of a request at the longest
• When pulling account data from our banking partner, a special request is required to include the account number in the response
• In the most common scenario, contractors submit login data in lieu of account numbers, and this information never touches Gig Wage servers. We receive a cryptographic token used to retrieve account and routing numbers.
• In the event of mass database compromise, bank account numbers are secure (we don't even have them)
SOCIAL SECURITY NUMBERS
• Social security numbers are encrypted using the OpenSSL implementation of the AES-256-CBC cipher
• The salt used in this encryption is cryptographically random per record, meaning encrypting the same value twice will result in different ciphertexts, so an observer cannot learn that two records hold the same value by comparing them
• In the event of a mass database compromise, social security numbers are secure
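The per-record salt described above, as an added Ruby example that is not Gig Wage's own code: the same value encrypted twice yields different stored blobs, while a reused salt yields identical ones. Assumptions not stated on the page: the key and IV are derived from a master secret with PBKDF2, the salt is stored in front of the ciphertext, and the names MASTER_SECRET, encrypt_ssn and decrypt_ssn are hypothetical.

```ruby
require "openssl"
require "securerandom"

# Constructed demo secret (assumption); a real system loads this from a secrets store.
MASTER_SECRET = "constructed-demo-secret-not-for-production"
SALT_LEN = 16
KDF_ITERATIONS = 100_000

# Derive a 32-byte AES-256 key and a 16-byte CBC IV from the secret and the
# record's salt. PBKDF2-HMAC-SHA256 is an assumption; the page names no KDF.
def derive_key_iv(salt)
  material = OpenSSL::PKCS5.pbkdf2_hmac(
    MASTER_SECRET, salt, KDF_ITERATIONS, 48, OpenSSL::Digest.new("SHA256")
  )
  [material.byteslice(0, 32), material.byteslice(32, 16)]
end

# Encrypt one value. The salt defaults to fresh random bytes per record;
# passing a fixed salt exists only to show what the random salt prevents.
def encrypt_ssn(ssn, salt = SecureRandom.random_bytes(SALT_LEN))
  key, iv = derive_key_iv(salt)
  cipher = OpenSSL::Cipher.new("aes-256-cbc").encrypt
  cipher.key = key
  cipher.iv = iv
  salt.b + cipher.update(ssn) + cipher.final # stored blob: salt || ciphertext
end

# Split the stored blob, re-derive key and IV from its salt, and decrypt.
def decrypt_ssn(blob)
  salt = blob.byteslice(0, SALT_LEN)
  ciphertext = blob.byteslice(SALT_LEN..-1)
  key, iv = derive_key_iv(salt)
  cipher = OpenSSL::Cipher.new("aes-256-cbc").decrypt
  cipher.key = key
  cipher.iv = iv
  (cipher.update(ciphertext) + cipher.final).force_encoding("UTF-8")
end

# True when two stored blobs are byte-identical, which is all that someone
# holding only the database could compare.
def same_stored_value?(blob_a, blob_b)
  blob_a == blob_b
end
```

AES-CBC on its own does not detect modification of the stored bytes, so a design like this is normally paired with a MAC over the salt and ciphertext.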