Security, Privacy & Compliance

We take the security and privacy of your data seriously. Here is how we protect it and what compliance frameworks we operate under.

Infrastructure

Vercel

SOC 2 Type II

Hosting & deployment infrastructure

Supabase

SOC 2 Type II

Database & authentication

Stripe

PCI DSS Level 1

Payment processing

Twilio

SOC 2 Type II

Telephony & call routing

Resend

SOC 2 Type II

Transactional email

Privacy Compliance

🇺🇸

CCPA

We comply with the California Consumer Privacy Act. We do not sell personal information. California residents may exercise their rights by contacting us.

🇨🇦

PIPEDA

Canada's Personal Information Protection and Electronic Documents Act. Strong Pay Services Inc. is incorporated in Ontario, Canada and operates under PIPEDA.

🇬🇧

UK GDPR

We comply with the UK General Data Protection Regulation and the Data Protection Act 2018 for customers and leads located in the United Kingdom.

🇦🇺

Australian Privacy Act 1988

We comply with the Australian Privacy Principles (APPs) governing the collection, use, and disclosure of personal information for our Australian customers.

Security Practices

Encryption in transit

All data is encrypted using TLS 1.2+ between your browser and our servers.

Encryption at rest

All stored data is encrypted at rest using AES-256.

Access controls

Role-based access controls and row-level security ensure you only see your own data.

No card data stored

We never store payment card details. All payments are handled by Stripe.

Secure authentication

Authentication is handled by Supabase with secure session management.

Vendor management

All third-party providers are vetted and bound by data processing agreements.

Need a Data Processing Agreement (DPA)?

If your organisation requires a formal Data Processing Agreement for UK GDPR, PIPEDA, or internal compliance purposes, we can provide one. Contact us and our team will respond within 2 business days.

Request a DPA

Questions or security concerns?

If you have questions about our security practices, want to report a vulnerability, or need compliance documentation for your procurement process, get in touch.