Our services are based on a Platform-as-a-solution (PaaS) from Google which is certified by independent third party auditors and assessors to various security standards including ISO27001, ISO27017, ISO27018, PCI DSS v 3.2.1 and SSAE18 - SOC 3 AICPA Trust Service Criteria. Additional information can be found at Google's compliance report manager.
We are registered and approved as a Payment Institution by Swedish FSA and have an AISP passported to several EU countries. We also maintain a PCI DSS service provider level 1 certification covering the environments and procedures for cardholder data security.
Our products and platform are tested and reviewed for security, through e.g. third-party penetration testing, multiple times yearly.
All our personnel have periodic training covering information security awareness, cyber-security awareness, data privacy and regulatory requirements related to our licenses.
Our development and release process include industry standard security controls and our developers complete periodic training for secure coding practices.
Updated 5 months ago