Is my personal and payment information actually secure?

All data flowing between your browser and our servers travels over TLS-encrypted HTTPS connections. The payment processor handling card data is PCI-DSS Level 1 compliant — the highest tier in the credit-card industry's data-handling standard, audited annually by independent assessors. We don't store your full card number on our servers; only the last four digits are retained for receipt and customer-service purposes, with a tokenized reference if you opted to save the card for future use.

Personal data — name, license number, address, contact info — is encrypted at rest in our database and accessible only to authorized staff for support and compliance purposes, with audit logs capturing every record access. We do not sell, rent, or share your data with advertisers, marketing networks, data brokers, or any third party unrelated to your course enrollment. The only outbound sharing is with the regulating state agency that needs to receive your completion record. For full details on data flows, retention, and the rights you have under state privacy laws, see the Privacy & Security category.

The security architecture follows the principle of separation: our application servers don't have access to full payment data, and the payment processor doesn't have access to your course progress or driver license information. A breach in one system can't expose data from the other. We also rotate access credentials regularly, use multi-factor authentication for all staff access to production systems, and run vulnerability scans on a continuous schedule. Drivers occasionally ask whether using a public wifi connection during checkout is safe — yes, because the TLS encryption protects the transmission regardless of the network you're on, but using a trusted network is still a reasonable precaution for any online payment.