Security is of utmost importance at GoCardless. We take a number of steps to ensure customer data remains safe at all times:

  • Our access to the Direct Debit system is provided by some of Europe's major banks, who have approved our systems.
  • All customer data is treated in accordance with European data protection laws, including the Data Protection Act 1998.
  • All client-server communication is 256-bit SSL encrypted. The banking system requires just 128-bit.
  • We regularly perform internal and external security audits on all our systems and processes.
  • We will never share any data we collect from you with third parties, except for the specific purpose of processing your payments.

We are authorised by the Financial Conduct Authority to provide payment services as an Authorised Payment Institution. We serve more businesses than any other Direct Debit provider.

All money collected is held in a secure client monies account with either the Royal Bank of Scotland, Barclays Bank or SEB before being paid out to the merchant you're paying.