Security, compliance and data protection
Keeping your data and your customers' data protected is at the heart of everything we do. We have processes in place which are designed to identify risks to the security of personal data and comply with industry regulations. We proactively monitor policies and new information to ensure we are always compliant and following best practices.
We have implemented systems within our organisation to monitor security and anticipate malicious attacks on our software. All access to password-protected services is logged and access to sensitive data is limited to those who need it. Our secure database is backed up regularly and we use Always on SSL (https) for access to our web app.
We engage in extensive testing before we launch any service and ensure it achieves the highest security standards before making it available to the public.
In order to process payments safely and securely, sensitive data must be encrypted. From the moment a customer uses their card or enters their card details on our web app, the card data is encrypted. Tokenisation is used to ensure card data never enters your device or application.
The payment processing systems encrypt data so that no outside sources can access sensitive information and the card reader includes full P2PE encryption to protect card data. As an extra security measure, the card reader wipes any stored encryption keys if it is ever tampered with or internally damaged.
We are fully PCI compliant according to the PCI DSS (Payment Card Industry Data Security Standard) regulations. This means our systems are built to protect information and comply with all the requirements of the PCI DSS regulations. We only work with partners who adhere to the same high standards of PCI compliance that we do.
Paysafe - our payment processing partner - has an outstanding reputation for maintaining high security standards. Their payment processing systems are fully PCI compliant. The card reader, provided by Handpoint, is also fully compliant according to the PCI DSS regulations.
You do not need to complete a PCI self-assessment questionnaire, as our hardware and software comply with the PCI DSS regulations on your behalf.
We take the privacy of merchants and their customers very seriously. You can find out more about our approach to privacy in the Privacy & Cookies Policy.
When your customer pays for their invoice online using a payment link, they are covered by the same Privacy & Cookies Policy, even though you, as the seller, are the data controller.
The GDPR (General Data Protection Regulations) broadly covers your right to obtain, delete, update or restrict the use of your personal data by data controllers. You can find out more about our approach to GDPR in the Privacy & Cookies Policy.
To make a data request relating to your personal or company data, please reach out to Support.