Trust starts with transparency.
TeamFeePay is built for the people who run grassroots football clubs — and for the trust they place in us with their members' data. Explore our certifications, security practices, and the controls that keep your data safe.
Explore our trust posture
Every control we operate, mapped to the standards your team cares about.
Security practices
How we protect the platform, our people, and the data clubs entrust to us.
Data protection
Encryption, key management, retention, and how we handle data subject rights.
Identity & access
Authentication, MFA, RBAC, and how we manage access to systems and customer data.
Infrastructure
Where the service runs, how it is hardened, and how we maintain availability.
Privacy
GDPR, ISO 27018 cloud privacy controls, and how we minimise personal data.
Incident response
How we detect, contain, and communicate security incidents — and the SLAs we hold.
Recent updates
The latest from our security and compliance teams.
Incident response programme
Severity tiers, SLAs, and how we communicate incidents to customers.
International data transfers
How we manage cross-border transfers under UK and EU rules.
Our role under UK GDPR
Where we act as a processor, where we act as a controller, and what that means.
Data retention and deletion
Defaults, customer overrides, and how we honour deletion requests.
Common questions
Quick answers to the questions security and procurement teams ask us most.
How do I request your SOC-style report or pen-test summary?
Visit the Compliance page and click the document you need. You'll be asked to provide your business email and accept a short NDA — after that the download is immediate and stored against your visitor record for re-download.
Where is customer data stored?
All production data is stored in UK and EU regions on tier-1 cloud providers. We do not store production data outside of the UK/EEA.
Are you GDPR compliant?
Yes. We process personal data in line with UK GDPR and the Data Protection Act 2018. ISO/IEC 27018 governs our handling of personal data in cloud environments.
How do you handle cardholder data?
We are a PCI DSS Level 2 service provider, and we minimise the cardholder data we see by routing card capture directly to our payment service provider (PSP). The platform itself stores only token references.