We never share your personal data without your explicit permission.
> Read our privacy policyWith your permission, tomato pay’s apps or our partners’ apps will use your financial data to provide services to you.
Depending on the service provided in the app, the types of data you can share may include your account number, account name, account balance, account currency, beneficiaries account name, standing order details, direct debit details, credit and debit card transaction details and account fees.
Below you can see what happens when you securely connect your financial accounts using our Account Information Service (AIS) or Payment Initiation Services (PIS) to an app.
Link your financial accounts to an app by providing the username, password and two-factor-authentication associated with your financial accounts.
Once your ownership of accounts has been verified, tomato pay retrieves your account information from your financial institution.
tomato pay then securely processes and shares your information with the app you’re using and establishes a secure connection that you control.
Initiate a payment from your financial account by selecting your financial institution, providing the username, password and two-factor-authentication associated with the account, and confirming the payment
Once the payment initiation has been confirmed, your financial institution will execute the payment according to the instruction.
tomato pay then confirms that the payment has been made. We will not hold your funds at any time when providing the payment initiation services.
For regulatory purposes we will make a record showing all of the payments made by you using the payment initiation services. Please note, this record will not include any sensitive payment data.
> Read our PIS terms of usePersonal data is a powerful thing. No one should access it without your permission. We have ensured that we design our security practices to meet or exceed industry standards.
The combination of the Advanced Encryption Standard (AES-256) and Transport Layer Security (TLS) help keep your personal information safe.
tomato pay uses secure cloud infrastructure technologies to help you to connect your accounts quickly and securely.
tomato pay requires multi-factor authentication for added security to help protect your data in our systems.
The tomato pay API and all its related components are continuously monitored by our information security team.
tomato pay is ISO27001 certified and fully compliant with the internationally recognised standard for the information security management system (ISMS). The standard requires systematic examination of any risks to information security, with comprehensive policies to manage those risks put in place. By continuously updating our data security policies we ensure that we are a proactive organisation, not a reactive one.
Accredited certification to ISO27001 validates that we are following international information security best practices. This demonstrates to our customers worldwide that we take the security of their data very seriously. Certification to ISO27001 ensures that all our client’s information is kept secure and shows our ongoing commitment to delivering an exceptional service.
Developed by the UK Government, the Cyber Essentials scheme, has been designed to prevent the most prevalent forms of cyber attacks. The Cyber Essentials scheme provides a higher level of assurance, tested by a qualified and independent assessor who simulates basic hacking and phishing attacks and is now a minimum requirement for bidding for some government contracts. 5 key controls required help to protect against internet-based attacks:
tomato pay Labs Ltd is authorised and regulated by the Financial Conduct Authority, and is registered with the Information Commissioner's Office.
If you have any questions, please don’t hesitate to contact us at legal@tomatopay.co.uk.
