Frequently asked questions
The questions that security, procurement and legal teams ask us most often.
Getting reports
How do I request your SOC-style report or pen-test summary?
Visit the Compliance page and click the document you need. You'll be asked to provide your business email and accept a short NDA — after that the download is immediate and stored against your visitor record for re-download.
How often is your ISO 27001 certificate renewed?
Our ISO 27001 certification is renewed on a three-year cycle, with annual surveillance audits in between. The current certificate is available on the Compliance page.
Do you have a SOC 2 report?
Not yet. We have ISO/IEC 27001 and ISO/IEC 27018 certifications which cover an equivalent set of controls. A SOC 2 Type II report is on our 2026 roadmap.
Security
Where is customer data stored?
All production data is stored in UK and EU regions on tier-1 cloud providers. We do not store production data outside of the UK/EEA.
Do you encrypt customer data at rest?
Yes — all customer data is encrypted at rest using AES-256, with keys held in a managed KMS and rotated annually.
Do you perform penetration testing?
Yes — we engage an independent CREST-accredited firm to conduct a full application and infrastructure pen-test annually. An executive summary is available under NDA.
Privacy & data protection
Are you GDPR compliant?
Yes. We process personal data in line with UK GDPR and the Data Protection Act 2018. ISO/IEC 27018 governs our handling of personal data in cloud environments.
Will you sign a Data Processing Agreement (DPA)?
Yes. Our standard DPA is available on request and we can also review reasonable customer-supplied DPAs.
How do I exercise a data subject right?
If you are a club administrator, you can fulfil most data subject requests (access, correction, deletion) directly from the admin console. For anything that requires our help, email support@teamfeepay.com.
Payments & PCI
How do you handle cardholder data?
We are a PCI DSS Level 2 service provider and minimise the cardholder data we ever see by routing card capture directly to our PSP. The platform itself stores only token references.
Are you PCI DSS certified?
Yes. We are a PCI DSS Level 2 service provider. Our PCI DSS compliance is maintained through our payment processor, Stripe, which handles card data on our behalf; the platform itself never stores, processes or transmits cardholder data directly.