Security
Last updated: July 2026
Encryption in transit
All traffic to PaystubsFast.com is encrypted with HTTPS/TLS. HTTP requests are redirected to HTTPS.
Payment security
Checkout uses Stripe Elements. Card data is entered in Stripe-hosted fields and sent directly to Stripe — full card numbers never reach our servers, and we are never in possession of raw card data.
Document storage
Generated documents and uploads are stored outside the public web root in access-controlled private storage. Downloads require a signed, expiring link or an authenticated session that owns the document.
Account security
Passwords are hashed with modern algorithms (bcrypt via PHP password_hash). Login, registration, and password-reset endpoints are rate-limited. Sessions use secure, HttpOnly, SameSite cookies.
Application security
All state-changing requests require CSRF tokens. Inputs are validated and parameterized SQL prevents injection. File uploads are restricted by type, size, and content inspection.
Auditing
Document generation, downloads, email delivery, and admin actions are logged for accountability.
Reporting
Found a vulnerability? Email support@paystubsfast.com — we investigate all reports promptly.
Questions? Contact support@paystubsfast.com.