Access to Curling I/O is primarily with passwordless social sign-in (e.g. Google, Facebook,
Hotmail) using a single-use token authentication. This reduces the risk posed by weak
passwords, and makes Curling I/O far more secure than most web applications. Added
advantage: users don't have to remember another password!
As for the physical servers themselves, besides residing behind heavily encrypted firewalls, they are locked down to PKI (Public Key Infrastructure) only access for a very small number of people (i.e. development/hosting staff) who can even touch the database and servers.
As for financial security (i.e. Stripe transacting), Stripe (the payment processor for Curling I/O) requires some banking and personal information (as per 2.a of their Services Agreement) in order to deposit your revenues correctly and to verify your identity as a merchant (according to federal money laundering laws). That may involve name and date of birth, but also any one of these IDs: Driver's License, Passport, or SIN. Worried about privacy? Understood: Clubs and MAs can now directly set up their own Stripe accounts in Curling I/O without needing to provide Curling Canada with that personal/financial information. This integration is direct, secure, and encrypted. No middleman.