The payouts platform of the internet economy

Protect supplier data with bank-level security

Your money, your data, and your customer’s data are as important to us as they are to you. The Trolley platform offers bank-level encryption, industry-standard compliance, and a full suite of tools to manage the security of your accounts, letting you operate in full confidence.

Trolley's multilayer data protection features

SOC 2® Type II Compliant

We ensure that our merchants receive the highest level of security and privacy controls—both in terms of system design and daily operations.

Enterprises and SMBs alike benefit from industry-leading security and privacy standards widely respected by the financial services industry. Protect customer data and build trust with Trolley’s top-notch security.

Bank-level security

Trolley uses end-to-end 256-bit bank-level security. We believe in always-on TLS and maintaining data encryption while at rest and in motion. All passwords and API secrets are one-way hashed using Bcrypt with a factor of 10. API secrets are generated using cryptographically secure random number generators and represent over 128-bits of entropy.

We have built-in tokenization of all sensitive information such as bank account and debit card numbers, government IDs and social security numbers.

Two-factor authentication

Enable two-factor authentication (2FA) on your Trolley account and receive an access code to sign from a new device. Secure your whole Trolley environment by enforcing 2FA for all users. Choose the 2FA method that works best for you: by email, SMS text message, or with an authenticator app.

User roles & permissions

Issue individual logins to each team member in your company that needs it, and assign an appropriate role to users with permission levels to match their responsibilities. We don’t charge extra fees for each user, so there is no reason for anyone to share logins.

We support five different roles with permissions levels specific for developers, read-only users, admins, owners and regular team members – each with access levels that make sense to that user.

Login history

View team members' login history, including account, time, IP address, and login location (city, region, country) to audit strange account activity or out-of-the-ordinary payments.

IP & domain white-listing

Add an additional layer of security to your Trolley dashboard by white-listing approved IP addresses, and restricting access from any other IP addresses. Helpful if you only wish to allow access from your offices or other approved locations. You can also limit access to the API to just from your domains.

Security notifications

Keep informed instantly when one of your staff users requests a password reset on their account, sets a password, or other user-level activity.

Notifications can be sent by email, text message, or to a Slack channel.

Send faster payouts, simplify your tax process, and sync your tools with one platform

Let Trolley take care of payouts, so you can focus on what really matters: growing your business.