Payhawk Trust Portal
Everything you need to know about information security and compliance of our platform, company, and services.
Compliance certifications and reports
Payhawk's information security program is certified by some of the most stringent boards in the world. Feel free to download any of our certifications or executive summaries below.
Electronic Money Institution
The Electronic Money Institution (EMI) license is a financial license that enables companies to issue electronic money. Companies undergo a vigorous review process, including a security review, to be issued a license. Payhawk is EMI licensed in the European Economic Area and the United Kingdom via the FCA.
Visa Principal Member
The membership grants Payhawk the ability to directly issue Visa cards without relying on third parties and provides Payhawk with greater control of its payment infrastructure.
PCI DSS Level 1
Our PCI DSS certification ensures the highest level of security for your payment card information. We follow industry best practices, providing a secure environment for processing, transmitting, and storing sensitive data.
ISO 27001
Our ISO 27001 certification demonstrates our adherence to internationally recognized information security practices - we protect sensitive data from unauthorized access, misuse, disclosure, alteration, and destruction.
SOC 1 Type 2
Our SOC 1 report is designed to address internal controls over financial reporting and it's focused on both business processes and information technology objectives and testing.
SOC 2 Type 2
Our SOC 2 certification signifies that we’ve implemented rigorous controls to ensure the security, availability, processing integrity, confidentiality, and privacy of customer data as defined by AICPA.
Penetration Testing
To ensure our systems are safe and reliable, we perform internal and external penetration testing at least annually. Here you can find the executive report from our last external pentest.
GDPR Compliant
We handle personal data with utmost care, transparency, and respect for individual privacy rights. We prioritize data protection, secure storage, and responsible data usage in accordance with GDPR guidelines.
DORA Compliant
We are one of the early adopters of the Digital Operational Resilience Act (DORA) to ensure we have comprehensive information and communication technology risk management, incident reporting, resilience testing and threat-intelligence sharing.
CSA STAR Level 1
Payhawk is listed in the CSA Security Trust Assurance and Risk (STAR) registry, reflecting our commitment to cloud security and transparency. This certification highlights our adherence to best practices for protecting customer data and managing risk in the cloud.
All your questions about security & compliance at Payhawk
We have compiled a list of commonly asked information security and privacy questions to help you understand our security posture.
If you still don't find the answers you are looking for, we're here to help!