Security

The safety of your data and transactions is our top priority.
‍

• FCA regulated
  ‍Pollen Technologies Ltd is authorised by the Financial Conduct Authority under the Payment Service Regulations 2017 (firm reference no. 768011).
  
• Physical security
  ‍Our service operates on Amazon Web Services (AWS) which is certified under a number of global compliance programmes which underlines best practices in terms of data centre security.
  ISO 27001 Information Security Management Controls
  ISO 27018 Personal Data Protection
  
  For the full list of AWS compliance programs see: https://aws.amazon.com/compliance/pci-data-privacy-protection-hipaa-soc-fedramp-faqs/
  
  More information about AWS data centre controls may be found here: https://aws.amazon.com/compliance/data-center/controls/
• Network security 
  We have dedicated systems in place to protect against Distributed Denial of Service (DDoS) attacks as well as man-in-the-middle attacks. We use reputable registrars to protect against domain hijacking and “phishing” attacks.
  
  Our platform undergoes regular penetration testing and has protection in place against common vulnerabilities like code injection attacks and cross-site scripting attacks.
• Information security
  ‍We comply with best practices and regulations pertaining to the management of personal data under the European Union General Data Protection Regulation (GDPR).
• Encryption 
  All network traffic is encrypted at a transport level and confidential information is encrypted at rest. We use best practices in terms of encryption key storage and security.
• Strong Access Control 
  Our platform provides a role based, hierarchical security model with two-step authentication and multi-factor authentication for sensitive systems. All access is logged and audited for suspicious behaviour.