Bond's environment is designed for more than compliance - it's designed to keep data safe using the highest security certifications such as SOC2 and PCI.
Bond leads the industry in our security standards and undergoes regular external review and auditing.
Bond undergoes an annual SOC2 assessment that validates the design and operating effectiveness of our security program. We regularly review the compliance of our critical vendors and a copy of our latest SOC2 report is available upon request and under NDA.
Bond security controls for data protection meet or exceed the Payment Card Industry Data Security Standard (PCI-DSS). While Bond does not process transactions, we do handle credit card data directly on behalf of our brands as part of our platform. Bond is committed to the PCI-DSS to ensure that consumer credit card data is protected while in our care. A copy of our latest PCI attestation of compliance (AoC) is available upon request and under NDA.
Our platform is designed for security from the ground up
Bond’s full-stack platform combines modern APIs and SDKs, enterprise-grade infrastructure, and a full-featured sandbox so you can start transacting now.
Bond independently complies with all requirements from relevant security standards
Bond operates in an Amazon AWS VPC (virtual private cloud) and benefits from all of AWS security controls
Bond’s platform is designed according to security and privacy principles at all times. Our control environment includes: full structured and unstructured data tracking across all data stores, secure vaulting of sensitive data, comprehensive security testing and event monitoring, least-privilege access, and much more
Bond offers a highly secure platform and customers are required use the platform in a secure manner, too. Bond customers should share only the data that is needed and must comply with the terms of service. Business partners are required to adhere to strict banking standards
Data is structured, monitored, and controlled within Bond to meet or surpass the highest security standards
Sensitive data elements are confined to a single secure data vault. Platform components use tokenized data instead to perform all functions, ensuring that even if a data store is compromised, there is no risk to underlying sensitive customer data
Data in Bond is always encrypted at rest and in transit using strong cryptography
Bond employs a real-time, around-the-clock security operations center to implement eyes-on-glass monitoring of security events across the entire platform
Bond implements a least-privilege need-to-know role-based access control system across its entire platform. Only authorized staff can access sensitive data and only when needed to perform job duties
Bond customer data is always segregated within the platform and there is no commingling of data
Bond never uses customer data for our own purposes, except as necessary to provide services to our customers
Bond is not just a brand or company, but we are a team of dedicated industry veterans, technologists and thought leaders whose collective mission is to improve financial services and enable innovators like you to innovate. Will you join us?
How a corporate lawyer and a finance guy ditched the rat race to build a 750 million barbershop app
‘It all goes back to creating access’: A day in the life of Roy Ng, co-founder and CEO of Bond
Fintech founder predicts the biggest 4 banks will be worth ‘less than $100 billion’ in 5 years
