Security & Compliance

Security Built for the Financial Services Industry

Every layer of our platform is designed with bank-grade security, regulatory compliance, and data protection as core requirements — not afterthoughts.

PSD2 · ISO 27001 · SOC 2 Type II · GDPR · eIDAS · FAPI

Bank-Grade Security Built for Financial Services

Our platform adheres to stringent security standards and regulatory requirements, ensuring your financial data and payment operations are always protected.

PSD2 Compliant

Full compliance with EU Payment Services Directive 2

ISO 27001

Information security management system certified

SOC 2 Type II

Service organization controls for security & availability

GDPR Ready

Full EU General Data Protection Regulation compliance

eIDAS Compliant

Electronic identification and trust services regulation

FAPI Security

Financial-grade API security profile implemented

Defence in Depth Security Model

Multiple overlapping security layers protect every API call and byte of data.

Transport Security

  • TLS 1.3 encryption for all connections
  • Mutual TLS (mTLS) for API clients
  • Certificate pinning for mobile SDKs
  • HSTS headers enforced

Authentication & Authorisation

  • OAuth 2.0 with PKCE
  • OpenID Connect for identity
  • FAPI 1.0 Advanced security profile
  • JWT with short expiry & rotation

Data Protection

  • AES-256 encryption at rest
  • Field-level encryption for PII
  • Data minimisation principles
  • Right to erasure (GDPR Article 17)

Operational Security

  • 24/7 Security Operations Centre
  • Automated threat detection & response
  • Penetration testing quarterly
  • Bug bounty program

Regulatory Compliance

Full compliance with European and international financial regulations

Standard / Regulation | Authority | Scope | Status
PSD2 – Payment Services Directive 2 | European Banking Authority (EBA) | Open banking APIs, SCA, TPP access | Compliant
GDPR – General Data Protection Regulation | EU Data Protection Boards | Personal data processing & privacy | Compliant
ISO/IEC 27001:2022 | BSI / Third-party auditor | Information security management | Certified
SOC 2 Type II | AICPA Third-party auditor | Security, availability & confidentiality | Certified
eIDAS – Electronic Identification | EU Member State supervisors | Digital identity & trust services | Compliant
FAPI – Financial-grade API | OpenID Foundation | High-security API profile | Implemented

Build on a Compliant Foundation

Our platform handles PSD2 compliance so your team can focus on building great products.