Vertrauen beginnt mit Transparenz.
TeamFeePay ist für die Menschen gebaut, die Amateurfußballvereine leiten — und für das Vertrauen, das sie uns mit den Daten ihrer Mitglieder entgegenbringen. Erfahren Sie mehr über unsere Zertifizierungen, Sicherheitsmaßnahmen und die Kontrollen, die Ihre Daten schützen.
Erkunden Sie unsere Vertrauensposition
Jede Kontrolle, die wir betreiben, abgebildet auf die Standards, die Ihr Team interessieren.
Security practices
How we protect the platform, our people, and the data clubs entrust to us.
Data protection
Encryption, key management, retention, and how we handle data subject rights.
Identity & access
Authentication, MFA, RBAC, and how we manage access to systems and customer data.
Infrastructure
Where the service runs, how it is hardened, and how we maintain availability.
Privacy
GDPR, ISO 27018 cloud privacy controls, and how we minimise personal data.
Incident response
How we detect, contain, and communicate security incidents — and the SLAs we hold.
Aktuelle Updates
Das Neueste aus unseren Sicherheits- und Compliance-Teams.
Single sign-on for clubs
SAML 2.0 and OIDC SSO are available on the Business plan.
Encryption in transit and at rest
TLS 1.2+ everywhere, AES-256 at rest, and managed KMS keys.
Vendor and third-party risk management
Every subprocessor goes through a documented risk assessment before we adopt it.
Data retention and deletion
Defaults, customer overrides, and how we honour deletion requests.
Häufige Fragen
Schnelle Antworten auf die Fragen, die Sicherheits- und Einkaufsteams uns am häufigsten stellen.
How do I request your SOC-style report or pen-test summary?
Visit the Compliance page and click the document you need. You'll be asked to provide your business email and accept a short NDA — after that the download is immediate and stored against your visitor record for re-download.
Where is customer data stored?
All production data is stored in UK and EU regions on tier-1 cloud providers. We do not store production data outside of the UK/EEA.
Are you GDPR compliant?
Yes. We process personal data in line with UK GDPR and the Data Protection Act 2018. ISO/IEC 27018 governs our handling of personal data in cloud environments.
How do you handle cardholder data?
We are a PCI DSS Level 2 service provider and minimise the cardholder data we ever see by routing card capture directly to our PSP. The platform itself stores only token references.