We take security very seriously. We want to make sure you have a great gaming experience and that you feel safe hosting with Parsec. For that reason, we thought it would be helpful to share a bit about our security.
Parsec does NOT store plaintext passwords. We use a bcrypt style key-stretching hashing algorithm with a randomly generated 256-bit salt (per user).
COMMUNICATION WITH THE PARSEC BACKEND
The Parsec website and application communicate session IDs and authenticated state information to the backend via HTTPS. We use TLS 1.2 / AES128 and perform certificate AND hostname verification.
All peer-to-peer audio/video/input data is encrypted via DTLS 1.2 (AES128). Each user has their own randomly generated SSL certificate validated via the Parsec backend on connection. Each connection is authenticated via an one-time use connection token sent AFTER the DTLS handshake has been established. This validation occurs on the backend via HTTPS.
We do not store your credit card information. We use Stripe to handle all credit card processing and rely on their industry-standard system to manage all payments. Even if Parsec were hacked, your information would be secure since we don't store the information linked to your credit card in our systems.