Trolley Data & Platform Security Policies
1. SecurityAt Trolley, we take the security of your data and money very seriously.
2. Data securityWe use end-to-end 256-bit SSL bank-level security. We believe in always-on TLS and maintaining data encryption while at rest and in motion. All passwords and API secrets are one-way hashed using Bcrypt with a factor of 10. API secrets are generated using cryptographically secure random number generators and represent over 128-bits of entropy. We have built-in tokenization of all sensitive information such as bank account and debit card numbers, government IDs and social security numbers. Our service operates on Amazon Web Services (AWS) which is certified under several global compliance programmes which underline best practices in terms of data centre security.
- SSAE16/SOC 1, SOC 2 and SOC 3
- ISO 27001 Information Security Management Controls
- PCI-DSS Level 1 Payment Card Standards
- ISO 27018 Personal Data Protection
- FIPS United States Government Security Standards
We comply with best practices and regulations about the management of personal data under:
- the European Union General Data Protection Regulation (GDPR)
- the UK Data Protection Act (DPA)
- the EU-U.S. Privacy Shield Framework
- the California Consumer Privacy Act (CCPA)
4. RegulatoryYour money, your data and your customer’s data are as important to us as it is to you. Here are some of the regulations we comply with to make sure you can use our services with peace of mind.
- Australia: Payment Rails Ltd. is registered with the Australian Transaction Reports and Analysis Centre (AUSTRAC) as a designated remittance provider. Our AUSTRAC registration number is IND100571450-001.
- Canada: Payment Rails CA Inc. is registered with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) with registration number M18487871. We are also regulated by the Authorité des Marchés Financiers (AMF) in Québec as a Money Service Business, with license number 904296.
- The United Kingdom and Gibraltar: Payment Rails Ltd is regulated by the UK Financial Conduct Authority (FCA) as an Authorized Payment Institution. Our registration number is 771016, with passporting rights in Gibraltar. Payment Rails is registered with the Information Commissioner’s Office with registration number ZA259566.
- European Economic Area (EEA): In the European Economic Area, payment services are offered by our partner financial services provider, who is registered with the Dutch Central Bank with passporting rights across the EEA.
- New Zealand: Payment Rails Ltd. is registered in New Zealand as an overseas entity and is supervised by the New Zealand Department of Internal Affairs (DIA).
- United States: In the United States, money transmission services are offered by our partner financial services provider, who is registered with the Financial Crimes Enforcement Network (FinCEN) and holds money transmitter licenses in over 35 US states.