We have 2 different types of security measures used.....
Website --> Account passwords are hashed using one of the leading hashing algorithms - BCrypt. Hashing a password also makes it NOT decrypt-able, which means if you forget your account password it will need to be reset.
FYI, we do also encrypt an account username which are stored in our database using AES 256 Encryption. Yes, we can encrypt/decrypt AES 256 and the "encryption key" is stored in a totally different area on our servers which is purposely not accessible via the web server user.
Maybe a long way to say -- yes, we do encrypt data in our database and we purposely don't store any data like credit card info.
Both our website and mobile app use SSL (Secure Socket Layers) for all data transmission to ensure all calls are fully secured and encrypted.
Plus all of TennisPoint's servers are housed in Amazon's Data Center in Virginia with a highly advanced public key infrastructure for our admin passwords changing every 30 seconds (also referred to as 2 factor authentication).
Security is maybe a double edged sword though -- users want extreme simplicity while keeping things secure. We do our best to ensure a highly accessible and easy to use website while also maintaining users security overall.