Complete peace of mind

We are committed to keeping your and your users’ data secure by implementing the latest and most advanced regulations, policies, and technologies.



The PCI SSC defines the criteria to maintain the security of card data at your business and issues certificates to the complying companies. The criteria include well-known practices like:

  • Firewalls
  • Data transmission encryption
  • Anti-virus programs

A PCI certificate tells your users that it’s safe to transact with you and that their details are secure. Conversely, non-compliance might lead to lost customers, as the trust in your brand will be low.


It’s the highest and strictest level of PCI and it allows us to serve businesses of all sizes. In order to maintain this status, we undergo an audit once a year, as well as a quarterly PCI scan.

See our PCI Certificate


There are 12 requirements, divided into 6 categories, that must be met in order to obtain a PCI certification. You can find them outlined below.

Secure network

Firewalls must be installed and maintained. Passwords must be different from those supplied by vendors.

Secure cardholder data

Protection of cardholder's data. Encryption of data transmitted on public networks.

vulnerability management

An anti-virus must be present and always up to date. Regular development and maintenance of secure systems.

network monitoring & testing

Access to data must be monitored. All security protocols and systems have to be regularly tested.

access control

Card data must be accessible only on a need-to-know-basis. Every person in the organization must have a unique ID for computer access.

information security

Development and maintenance of an information security policy.

Find out more about PCI DSS

Learn more


Your data is yours, and no one else’s. We collect only the information we need and keep it safe, obeying the strictest policies. We don’t sell your data and you can request its deletion anytime.


We use TLS 1.3 to encrypt traffic and use AES-256 bit encryption for our databases and data stored at rest.

Penetration Tests & Audits

We are periodically audited by independent third parties and undergo penetration tests to make sure we are always compliant with the strictest policies.

Security By Training

All BridgerPay’s employees undergo rigorous ongoing training about:

  • Information security and cyber-security
  • Privacy
  • Password security
Physical Security

We are entirely cloud-based, and no data is kept on the premises. Nonetheless, our offices are protected by ID-based access, CCTV, and alarm systems.

Secure infrastructure

We use Google Cloud Platform (GCP) for hosting. GCP data centers are monitored 24/7/365 and give us access to the same security-by-design infrastructure Google uses for its applications.

Read more on GCP’s security page


Any questions about PCI or other security matters?
Get in touch by emailing

BridgerPay is the world’s first payment operations platform, built to automate ALL payment flows with a Lego-like interface, empowering ANY business to scale their payments, insights, and revenue with a codeless, unified, and agnostic software.

Eleftherias street, 153 Limassol, 3042, Cyprus
Derech Menachem Begin 144, Tel Aviv-Yafo, 6492102, Israel
Start for Free
BridgerPay is not a PSP (payment service provider), or an acquiring service, and we do not provide any processing merchant accounts. Bridger is a SaaS (software-as-a-service) company that allows businesses to utilise one API to consume all payments from any method or provider that is connected within BridgerPay’s ecosystem.