Our Commitment

Paddle abides by strict enterprise-grade data and security measures, ensuring that your information is reliably secure across our system in transit and at rest.

  • SOC2 Type II certified

  • GDPR compliant

  • Vulnerability and penetration tested

Hosting

Paddle’s virtual, cloud-based platform is hosted in a secure, SOC2 Type II certified data centre in Montreal, Canada. However, clients have the option to host their data in the location of their choosing, including Europe and the USA. All data centres hosting Paddle data are fully secure facilities protected by 24/7 surveillance and controlled physical access protocols.

Data Safety

With Paddle, data is fully encrypted during all stages of its lifecycle, whether in transit, at rest, or in the process of being eliminated, ensuring that it can only be accessed by authorized roles and services with audited access. When being transferred, all data is fully encrypted via HTTPS.

Data Maintenance and Removal

Paddle establishes clear data deletion and maintenance expectations and guidelines with each client. All client data can be deleted across Paddle and dependent systems with ease and efficiency.

Access and Single Sign-On (SSO)

By leveraging existing organizational security elements, like established SSO processes, Paddle ensures that access to data and information is protected. Every user is verified using SSO before access is granted to Paddle.

Roles and Permissions

Paddle is a highly customizable system that allows clients to determine who has access to what and when. Administrative permissions and limitations can be assigned to select individuals or widely, depending on organizational preferences related to access to information.

Security

Paddle takes all reasonable measures, including administrative, technical and physical safeguards to help protect your personal data from loss, theft, misuse, unauthorized access, disclosure, alteration and destruction.

We maintain strict security standards and procedures with a view to preventing unauthorized access to your data by anyone, including our staff. We use leading technologies such as (but not limited to) data encryption, firewalls, private VPCs, and server authentication via VPNs to protect the security of your data. Our staff and third parties, whenever we hire them to provide support services, are required to observe our privacy standards and to allow us to audit them for compliance.

Privacy Protection

Paddle is fully committed to protecting the privacy of its clients and users. We offer an extensive privacy policy, available for review upon request.