We are committed to keeping your and your users’ data secure by implementing the latest and most advanced regulations, policies, and technologies.
The PCI SSC defines the criteria to maintain the security of card data at your business and issues certificates to the complying companies. The criteria include well-known practices like:
Firewalls
Data transmission encryption
Anti-virus programsA PCI certificate tells your users that it’s safe to transact with you and that their details are secure. Conversely, non-compliance might lead to lost customers, as the trust in your brand will be low.
It’s the highest and strictest level of PCI and it allows us to serve businesses of all sizes. In order to maintain this status, we undergo an audit once a year, as well as a quarterly PCI scan.
There are 12 requirements, divided into 6 categories, that must be met in order to obtain a PCI certification. You can find them outlined below.
Firewalls must be installed and maintained. Passwords must be different from those supplied by vendors.
Protection of cardholder's data. Encryption of data transmitted on public networks.
An anti-virus must be present and always up to date. Regular development and maintenance of secure systems.
Access to data must be monitored. All security protocols and systems have to be regularly tested.
Card data must be accessible only on a need-to-know-basis. Every person in the organization must have a unique ID for computer access.
Development and maintenance of an information security policy.
Find out more about PCI DSS
Your data is yours, and no one else’s. We collect only the information we need and keep it safe, obeying the strictest policies. We don’t sell your data and you can request its deletion anytime.
We use TLS 1.3 to encrypt traffic and use AES-256 bit encryption for our databases and data stored at rest.
We are periodically audited by independent third parties and undergo penetration tests to make sure we are always compliant with the strictest policies.
All BridgerPay’s employees undergo rigorous ongoing training about:
We are entirely cloud-based, and no data is kept on the premises. Nonetheless, our offices are protected by ID-based access, CCTV, and alarm systems.
We use Google Cloud Platform (GCP) for hosting. GCP data centers are monitored 24/7/365 and give us access to the same security-by-design infrastructure Google uses for its applications.
Read more on GCP’s security page
ACCESS & CONTROLSWe use single sign-on (SSO) via SAML 2.0 and 2FA for all employees on all systems.
Every employee only has access to the systems and data necessary for their job. We are divided into groups with different permissions and access levels, and these groups are periodically re-assessed.
GDPRWe are committed to GDPR compliance and are fully transparent about how we handle your data. You can ask for a copy or deletion of your personal data anytime.
Read more about GDPR here.
CONSENTAt signup, we present you with a consent box that grants us permission to collect and use your data as per the Terms and Conditions. To improve your experience, we also use cookies and analytics tools like: Intercom, LogRocket, Customer.io, Stripe, Salesforce, and Zoho CRM.
You can withdraw your consent at any time and ask us to delete your account.
DATA TRANSFERWe use Standard Contractual Clauses (SCCs) to safely transfer personal data from the EU to countries outside of the EU.
BridgerPay is the world’s first payment operations platform, built to automate ALL payment flows with a Lego-like interface, empowering ANY business to scale their payments, insights, and revenue with a codeless, unified, and agnostic software.
