Security You Can Trust

GrassrootsPay is built with bank-grade security to protect your club's financial data and member payments.

256-Bit Encryption

All data is encrypted in transit with TLS 1.3 and at rest with AES-256, the same standards used by major banks.

PCI DSS Compliant

We never store card details. All card handling and payment processing is done by Stripe, a PCI DSS Level 1 service provider, which keeps card data out of GrassrootsPay's systems and minimises our own PCI DSS scope.

GDPR Compliant

Full compliance with UK GDPR and the Data Protection Act 2018. Your members' data is protected by law.

Data Hosting

All data is stored in industry-standard AWS data centres.

How We Protect Payment Data

We Never See Your Card Details

When a member makes a payment, their card details go directly from their browser to Stripe (our payment processor) over an encrypted connection. They never pass through GrassrootsPay's servers, so GrassrootsPay never has access to the full card number or CVV.

What we store: A secure token from Stripe that lets us take future payments (with the member's permission). The token cannot be turned back into a card number.
What we never store: Full card numbers, CVV codes, PIN codes
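The rule above ("store the Stripe token, never the card data") is only as strong as the checks that enforce it on the server. The following is an added example, not GrassrootsPay's or Stripe's code, of two such checks: a payload guard that accepts a Stripe PaymentMethod id and rejects anything that looks like raw card data, and a log scrubber that redacts Luhn-valid card numbers before a request body is written to a log. It assumes (not stated on the page) that payment requests arrive as JSON with a `payment_method` field; the function names, the accepted id prefixes and the sample inputs are constructed for this example.

```python
"""Server-side guards for a 'we never see card details' policy.

Added example: hypothetical helpers, not the GrassrootsPay or Stripe code base.
"""
import re

# Stripe object ids carry a type prefix ("pm_", "tok_", "cus_", ...). Which
# prefixes we accept is an assumption for this example.
STRIPE_TOKEN_RE = re.compile(r"^(pm|tok|cus|src)_[A-Za-z0-9]{8,}$")

# 13-19 digits, optionally separated by spaces or dashes: a PAN candidate.
# Any run in that range is checked with Luhn before it is treated as a PAN.
PAN_CANDIDATE_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Field names that should never reach our backend. "number" and "cvc" are the
# keys used by a raw Stripe card object; the rest are common variants.
FORBIDDEN_FIELDS = {"number", "card_number", "cardnumber", "pan",
                    "cvv", "cvv2", "cvc", "pin"}


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check used by card numbers; rejects random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def redact_pans(text: str) -> str:
    """Replace Luhn-valid card numbers with a masked form keeping the last 4.

    A Luhn-valid non-card number (e.g. some order ids) would also be masked;
    that false positive is preferable to a PAN in the logs.
    """
    def _mask(m: re.Match) -> str:
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_valid(digits):
            return "[PAN ****" + digits[-4:] + "]"
        return m.group(0)
    return PAN_CANDIDATE_RE.sub(_mask, text)


def _walk(obj, path=""):
    """Yield (dotted_path, leaf_value) for every scalar in a nested payload."""
    if isinstance(obj, dict):
        for k, v in obj.items():
            yield from _walk(v, f"{path}.{k}" if path else str(k))
    elif isinstance(obj, list):
        for i, v in enumerate(obj):
            yield from _walk(v, f"{path}[{i}]")
    else:
        yield path, obj


def check_payment_payload(payload: dict) -> tuple:
    """Return (True, token) if the payload carries only a Stripe token,
    or (False, reason) if it contains anything resembling raw card data."""
    for path, value in _walk(payload):
        leaf = path.rsplit(".", 1)[-1].split("[")[0].lower()
        if leaf in FORBIDDEN_FIELDS:
            return False, f"raw card data field not allowed: {path}"
        if isinstance(value, str) and redact_pans(value) != value:
            return False, f"value at {path} looks like a card number"
    token = payload.get("payment_method")
    if not isinstance(token, str) or not STRIPE_TOKEN_RE.match(token):
        return False, "payment_method must be a Stripe PaymentMethod id"
    return True, token


if __name__ == "__main__":
    # Constructed sample inputs (Stripe's public 4242 test number, fake ids).
    good = {"payment_method": "pm_1ABCdefGHIjkl", "amount": 1500}
    bad = {"payment_method": "pm_1ABCdefGHIjkl",
           "card": {"number": "4242424242424242", "cvc": "123"}}
    print(check_payment_payload(good))
    print(check_payment_payload(bad))
    print(redact_pans("member paid with card 4242 4242 4242 4242"))
```

The payload guard runs before any persistence or logging; the scrubber runs in the logging path as a last line of defence for anything that slips past it (an error message, a pasted support note). Neither replaces tokenisation on the client; they make a violation of the policy visible and loud rather than silent.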

Bank-Grade Payment Processing

Stripe processes billions of pounds for companies like Amazon, Google, and Shopify. They maintain:

  • PCI DSS Level 1 certification (the highest level of PCI DSS compliance)
  • SOC 1 and SOC 2 Type II reports
  • 24/7 fraud detection and prevention
  • Financial Conduct Authority (FCA) authorisation

Fraud Protection

Stripe's machine learning fraud models analyse every transaction for signs of fraud, protecting both your club and your members from unauthorised payments.

Regulatory Compliance

GDPR & UK Data Protection

We comply with all UK GDPR and Data Protection Act 2018 requirements, including:

  • Clear consent for data processing
  • Right to access, rectify, and delete personal data
  • Data portability (you can export all your data anytime)
  • Notification to the ICO within 72 hours of becoming aware of a reportable personal data breach, and to affected individuals where the breach poses a high risk to them
  • Data Protection Impact Assessments for high-risk processing

Financial Regulations

As a payment facilitator, we comply with UK financial regulations:

  • Electronic Money Regulations 2011 (via Stripe's FCA authorization)
  • Payment Services Regulations 2017
  • Anti-Money Laundering (AML) compliance
  • Know Your Customer (KYC) verification

Infrastructure & Reliability

Cloud Infrastructure

GrassrootsPay is hosted on AWS, an enterprise-grade cloud provider.

Backups & Disaster Recovery

Your data is automatically backed up every 24 hours, with point-in-time recovery available between backups. In the unlikely event of a disaster, we can restore your data within hours.

Monitoring & Incident Response

Automated monitoring runs 24/7 and alerts our team to any issues. We have a documented incident response plan and will notify affected users within 24 hours of any security incident that affects them.

Questions About Security?

If you have specific security questions, please contact our security team.
