Trust Center
At SurePay, the security and privacy of your data are the foundation of everything we do. As we scale, we are committed to ensuring our internal controls meet the most rigorous global benchmarks. We have officially adopted the System and Organization Controls (SOC) 2 framework (Security, Confidentiality, Availability and Privacy trust services criteria) for our ISAE 3000 reporting. To ensure our reporting aligns with Dutch regulatory requirements and our local audit partners, we deliver our SOC 2 Type 2 report through an ISAE 3000 engagement. We also hold UK Cyber Essentials Level 1 certification, which can be downloaded from the BM Registry.
Independently Certified and Audited:
- GDPR Ready
- ISO 27001:2022 Compliant
- SOC 2 Type 2 Report
- FSQS Stage 3 assured
- Cyber Essentials Certified
Documents available from the SurePay Trust Center: the Trust Center PDF, the EU DPA, the UK DPA, NDA templates (English law, German and French) and a link to Ecovadis.
This Code of Conduct applies to everyone who works at and with SurePay.
Key information on security, compliance and privacy
Security Standard:
At SurePay, the security of sensitive data and the integrity of our services are our highest priorities. We employ a comprehensive, multi-faceted security strategy, protecting all personal data with strong encryption both at rest and in transit. Our security model is centered on the principle of least privilege, enforced through formal user management processes and mandatory multi-factor authentication (MFA). Our network follows a defense-in-depth approach, with strict segmentation between production and non-production environments and other best practices. We proactively manage threats using 24/7 monitoring, frequent vulnerability scanning and proactive threat modeling, while also integrating security directly into our development lifecycle. This entire framework is supported by our people, who complete background checks and mandatory annual security and privacy training. We also build in resiliency through auto-scaling and a multi-AZ, multi-region architecture.
General Data Protection Regulation (GDPR):
SurePay takes the utmost care to adhere to the GDPR (EU) and AVG (NL) principles. As a company that handles your data on a daily basis, the safety of your data and the protection of your rights are among SurePay's top priorities. Therefore, SurePay commits itself and its affiliates to complying with all applicable data protection legislation.
The exercise of your rights is safeguarded by internal policies, and for information on which data we process and why, please check our Privacy Notice on this page.
Our Core Values
Our core values define the way we do business every day and the way we work with each other, customers and partners.
We care
We are a supportive employer and understand that health, family and safety are truly important.
Think forward
By continuously anticipating the needs of tomorrow, we lead the way with solutions that secure the future today.
Build together
We believe in teamwork and strive for the best results together.
Be responsible
We all contribute to achieving our mission of reducing fraud and improper payments, leading to a positive impact on society.
Frequently asked questions
SurePay is ISO 27001 Compliant.
The Statement of Applicability (SoA) is only mandatory for organizations that pursue full certification, and therefore it does not apply to us.
Instead, SurePay holds a SOC 2 Type 2 attestation. This attestation demonstrates that our controls are transparent and independently verified; the report is available for review upon request.
What this means for you:
- Verified Security: You can have even greater confidence that your data is protected by industry-leading protocols.
- Continuous Improvement: We are continuously updating our policies to protect the integrity and availability of our systems.
- Expanded Oversight: Our reporting now includes additional coverage of Privacy and ESG (Environmental, Social, and Governance) controls, along with more detailed security controls.
Our role (Processor or Controller) depends on the specific service provided and is formally defined in a Data Processing Agreement (DPA).
SurePay will retain your data for 7 years. This is done to enable both you and SurePay to comply with our respective legal obligations.
SurePay and its subprocessors only process personal data within the EEA and the UK. Should we be required to transfer data to a third country, we will apply all safeguards required by the applicable law.
We are happy to provide the extract from the Dutch Chamber of Commerce (KVK), which contains the official information necessary to identify our directors.
For security and privacy reasons we do not supply copies of our directors' passports to customers. Sharing identity documents broadly creates unnecessary risks, including identity theft, which could eventually lead to phishing attacks and other fraud.
If you need a copy of the identity documents for a specific compliance purpose, please reach out to us at any time.
Start today. Be sure who you pay.