We don't. We use a "tokenisation" system called 1Click provided by the good people over sour payment partner.
This means that they keep your credit card on file. And that is one super secure file. We, on the other hand, only keep the data you can see on the checkout page: the name, part of your credit card number, and the expiry date: not nearly enough for us (or anyone else) to replicate your card. This is in line with international standards.