Keeping your data secure is our priority
Security

Security

Keeping your data secure is our priority

At PayFit, we believe it is our duty to keep your data secure. PayFit is ISO 27001 certified by an independent auditor.

Security

Security

PayFit is committed to keeping your data safe and out of the hands of those without authorisation.

Confidentiality

Confidentiality

We use several different methods to ensure that your account remains secure at all times. Your data is also encrypted in our database.

Integrity

Integrity

We strictly control who has access to your data, both online and internally. This is done to ensure that your documents are protected against any unauthorised alterations. We also back them up every hour.

Availability

Availability

Real-time data replication to three data-centres in France. We also use automatic failover in the unlikely event that we experience any technical difficulties.

Learn more about our data security

  • People
  • Physical Security
  • Assets
  • Data
  • Legal
  • Hosting & network
  • Logging
  • Availability & resilience
  • Incident response
  • Security audits

People

  • Background check on all candidates.
  • Requirement for all employees to sign a confidentiality agreement and to follow the internal digital policy.
  • Enforcement of device security policies globally through a centralised management tool with monitoring and remediation capabilities.
  • Regular security training for all employees and a quarterly review of internal security policies.
  • In order to separate developing roles from consulting and validating roles, we use a RACI matrix framework for the development and management of all tasks.
ISO 27001

ISO 27001

As a certified ISO 27001 company, we are fully committed to securing and protecting your data. We also regularly review our processes to ensure that best practices are put in place.

Learn more

Learn more about our security policy

Download the security white paper

Bug bounty programme

We are interested in any research on our systems and value any documented discovery. For that purpose, we run a private bug bounty programme on HackerOne so that we can identify and mitigate security threats.

Learn more about our bug bounty programme or the way to report issues