Security & Compliance

Trust is the foundation of payments. Voltpay maintains a security and compliance program designed to meet the requirements of the card networks, financial regulators, and data-protection laws in the markets we serve.

We are certified as a PCI DSS Level 1 Service Provider — the highest level of certification in the payments industry. We are assessed annually by a Qualified Security Assessor. Using our hosted fields and tokenization can significantly reduce your own PCI scope.

We maintain a SOC 2 Type II report covering the security, availability, and confidentiality trust-service criteria. Reports are available to customers under NDA on request.

We operate an anti-money-laundering (AML) and Know-Your-Customer (KYC) program. We verify the identity of businesses and their beneficial owners, screen against global sanctions and watch lists, monitor transactions for suspicious activity, and file reports as required by law.

We comply with the GDPR, UK GDPR, and CCPA/CPRA. We offer a Data Processing Addendum (DPA) and rely on appropriate safeguards, including Standard Contractual Clauses, for international transfers. See our Privacy Policy for details.

• AES-256 encryption at rest and TLS 1.2+ in transit.
• Network tokenization to minimize exposure of sensitive card data.
• Role-based access control, SSO/SAML, and least-privilege access.
• Continuous monitoring, logging, and 24/7 incident response.
• Independent penetration testing and a coordinated vulnerability-disclosure program.

We operate redundant, multi-region infrastructure and target a 99.99% uptime SLA for our core APIs. Real-time status and incident history are published on our status page.

Found a security issue? We appreciate responsible disclosure. Email supportvoltpay@gmail.com with details and we will respond promptly. Please do not access or modify data that is not yours.