Obsidian Delta

Privacy-first software, built quietly.

// who we are · who we run

Two facts about us, in case they help.

If you arrived here because something in for maddie's checkout flow brought you to look us up, this is what we'd want you to know.

// our initiative
for maddie bristlecone
for maddie
memoirs · live · 2026

for maddie is our initiative.

A memoir companion that turns six gentle phone conversations into a printed book. We build it. We run it. We stand behind it. When the Stripe charge appears on your statement as Obsidian Delta, this is what it paid for.

Visit formaddie.com →
// payment
Powered by Stripe

Card data never touches us.

Every payment is processed end-to-end by Stripe — the same payment infrastructure used by Amazon, Google, Shopify, and roughly half of the Fortune 100. Card numbers never reach our servers. They go directly from your browser to Stripe over a 256-bit TLS channel.

stripe.com/security →
// stripe credentials
Stripe.

Stripe is one of the most rigorously certified payment processors on earth. Every checkout we run inherits the full surface of these credentials. None of it requires anything from you.

certified annually
independent QSA audit

publicly verifiable
stripe.com/security
Highest Tier

PCI DSS Level 1 Service Provider

The most stringent level of certification under the Payment Card Industry Data Security Standard. Audited annually by an independent Qualified Security Assessor.

Audited

SOC 1 Type II

Independent attestation that controls over financial reporting are designed and operating effectively.

Audited

SOC 2 Type II

Independent attestation of security, availability, processing integrity, confidentiality, and privacy controls — over a period, not just a moment.

Public

SOC 3 Report

A general-use report, publicly published, summarizing the SOC 2 audit. Available to anyone, no NDA required.

Encryption

256-bit TLS in transit

All card data flows over TLS 1.2+ with strong cipher suites. Tokenized at rest. Decryption keys hardware-isolated.

Standards

PA-DSS · NIST aligned

Stripe Terminal certified to PA-DSS. Stripe's broader information security program aligns with the NIST Cybersecurity Framework.

We do not store, process, or transmit raw cardholder data. The "Powered by Stripe" badge is how the industry says "this merchant has outsourced the entire payment-data surface to a regulated third party." That is exactly what we have done. For the full security posture, see stripe.com/security and stripe.com/legal/marks.

// say hello

hello@obsidiandelta.com