SECURITY POLICIES

Trolley data & platform security policies

Your security is our top priority

Data security

Trolley is certified as SOC 2® Type II compliant by The American Institute of Certified Public Accountants (AICPA) meeting SSAE-21 requirements.

We use end-to-end 256-bit SSL bank-level security. We believe in always-on TLS and maintaining data encryption while at rest and in motion. All passwords and API secrets are one-way hashed using Bcrypt with a factor of 10. API secrets are generated using cryptographically secure random number generators and represent over 128 bits of entropy.

We have built-in tokenization of all sensitive information such as bank account and debit card numbers, government IDs and social security numbers.

Our service operates on Amazon Web Services (AWS) which is certified under several global compliance programmes which underline best practices in terms of data centre security.

  • SSAE16/SOC 1, SOC 2 and SOC 3
  • ISO 27001 Information Security Management Controls
  • PCI-DSS Level 1 Payment Card Standards
  • ISO 27018 Personal Data Protection
  • FIPS United States Government Security Standards

Privacy

We comply with best practices and regulations about the management of personal data under:

  • the European Union General Data Protection Regulation (GDPR)
  • the UK Data Protection Act (DPA)
  • the EU-U.S. Privacy Shield Framework
  • the California Consumer Privacy Act (CCPA)
  • the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA)

Trolley is committed to protecting your personal information. For more details, please see our Privacy Policy.

Regulatory

Your money, your data and your customer’s data are as important to us as they are to you. Here are some of the regulations we comply with to make sure you can use our services with peace of mind.

Australia: Trolley Payments UK Ltd. is registered with the Australian Transaction Reports and Analysis Centre (AUSTRAC) as a designated remittance provider. Our AUSTRAC registration number is IND100571450-001.

Canada: Trolley CA Inc. is registered with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) with registration number M18487871. We are also regulated by the Autorité des Marchés Financiers (AMF) in Québec as a Money Service Business, with license number 904296.

European Economic Area (EEA): In the European Economic Area, payment services are offered by our partner financial services provider, who is registered with the Dutch Central Bank with passporting rights across the EEA.

New Zealand: Trolley Payments UK Ltd. is registered in New Zealand as an overseas entity and is supervised by the New Zealand Department of Internal Affairs (DIA).

The United Kingdom and Gibraltar: Trolley Payments UK Ltd. is regulated by the UK Financial Conduct Authority (FCA) as an Authorized Payment Institution. Our registration number is 771016, with passporting rights in Gibraltar. Trolley is registered with the Information Commissioner’s Office with registration number ZA259566.

United States: In the United States, money transmission services are offered by our partner financial services provider, who is registered with the Financial Crimes Enforcement Network (FinCEN) and holds money transmitter licenses in over 35 US states.

Bank level security & encryption

Trolley takes data security very seriously. We offer customizable security management settings and leverage bank-level encryption—so you can operate in full confidence.
