Security

As a company dedicated to safeguarding the availability, confidentiality, and integrity of our information assets, we understand the importance of maintaining strong cyber security procedures. We are aware that cyber attacks are a persistent and evolving risk that poses a serious danger to our business operations, clients, and other stakeholders. To secure our systems and data, we have put in place a thorough cyber security programme comprising the following components:

Compliance
GDPR

As an organisation that values the privacy and security of personal data, we are fully committed to complying with the General Data Protection Regulation (GDPR). We have implemented a number of measures to ensure that our data processing procedures are in line with GDPR requirements, including obtaining explicit consent from users for data collection and processing, providing clear and concise privacy policies, and ensuring that user data is only accessed by authorised personnel. We also regularly review and update our data protection policies and procedures to ensure that we remain compliant with any changes in GDPR regulations.

PCI

Our payment processor, Stripe, is PCI Level 1 compliant, which is the highest level of certification available in the payment industry. This means that the company meets or exceeds the industry's most stringent security standards, including encryption, tokenisation, and two-factor authentication.

Third Party Services
Data Security

All of Fillit’s services are hosted in Amazon Web Services (AWS) facilities. Data is stored in AWS data centres based in the EU. To find out more about AWS security protocols, please visit their site using the link below. We work with Intercom to provide safe and secure customer support to our users. Customer trust and data security are critical to everything Intercom does; please read more at Intercom’s security page, linked below.

Payments

All payments are processed by our Payment Service Provider (PSP) Stripe. Stripe is a highly secure PSP that offers a range of payment processing solutions for businesses. The company sees security as its highest priority and has implemented numerous measures to ensure the safety and security of its users' sensitive financial data. Stripe is PCI Level 1 compliant, which is the highest level of certification available in the payment industry. This means that the company meets or exceeds the industry's most stringent security standards, including encryption, tokenisation, and two-factor authentication. Additionally, Stripe offers fraud detection and prevention tools to help businesses identify and prevent fraudulent activity. With its strong commitment to security, Stripe provides a reliable and trusted payment processing solution for businesses of all sizes.

Platform

The Heroku platform allows us to focus on application development and business strategy while Heroku focuses on infrastructure management, scaling, and security. Heroku applies security best practices and manages platform security so customers can focus on their business. Our platform is designed to protect customers from threats by applying security controls at every layer from physical to application, isolating customer applications and data, and rapidly deploying security updates without customer interaction or service interruption.

Product Security

To ensure the safety and security of our platform, we have a strict verification process that includes verifying the user's email address and bank details. Our team also utilises advanced technology through our partner Stripe to detect fraudulent activity and suspicious behaviour. By providing a secure and trustworthy platform, we aim to create a positive user experience for all.

Organisational Security

At our company, we understand that effective cyber security is not just about technology, but also about people and processes. That's why we employ a comprehensive approach to organisational cyber security that involves all levels of the company. We provide regular training and awareness programmes to our employees to ensure they are equipped with the knowledge and skills they need to identify and respond to potential cyber threats. We also have strict access controls in place to ensure that only authorised personnel can access sensitive data. Our cyber security policies and procedures are regularly reviewed and updated to ensure that we remain up to date with the latest threats and technologies. By taking a holistic approach to cyber security, we are able to minimise the risk of cyber attacks and protect our users' sensitive information.