
Trust and security

Privacy and security are critical for your business. That’s why we put them at the forefront of how we design and host our services.


Our compliance standards

We certify with standards and frameworks to help merchants comply with their own requirements.


SOC 2 Type II

SOC 2 Type II (Service Organization Controls) is a regularly refreshed report that focuses on non-financial reporting controls as they relate to security, availability, and confidentiality of a service provider.

Contact us for more information

PCI DSS Level 1

The Payment Card Industry's Data Security Standard is an information security standard for the handling of credit card information. PCI Level 1 compliance is the highest standard available and certifies that we handle sensitive data accordingly.

Contact us for more information

The Visa Global Registry of Service Providers

Bold is part of the Visa Registry of Service Providers, which enables us to broadcast our compliance with Visa Inc. rules and industry security standards, and to promote our services to potential clients worldwide.

To check Bold's Visa service provider listing, click here.


The Mastercard SDP Compliant Registered Service Provider List

Bold is part of the Mastercard SDP Compliant Registered Service Provider List, which details how we are registered with Mastercard and compliant with the Site Data Protection (SDP) Program’s Level 1 service provider requirements.

To check Bold's Mastercard service provider listing, click here.



Privacy and personal information protection are central to how we handle data. We comply with updated privacy legislation (including the GDPR and CCPA) as it becomes available. Learn more about our Privacy Statement here.

GDPR compliance

We’ve adjusted our infrastructure and implemented additional processes to meet the standards set by the GDPR (General Data Protection Regulation).

CCPA compliance

We’ve incorporated CCPA (California Consumer Privacy Act) standards into our data practices to meet merchant requirements under this legislation.

PIPEDA compliance

As our corporate headquarters are situated in Canada, we follow the requirements set by PIPEDA (Personal Information Protection and Electronic Documents Act).

Privacy policy

Our privacy policy outlines how we offer ownership and control over content and personal information. It outlines the options that merchants and shoppers have to see their data, change it, or have it deleted.

Isolated environments

At Bold, our production network segments are logically isolated from our development or corporate segments, meaning your data can’t be accessed internally without a documented access request, vetted by our information security team.



Our development processes, production environment and application architecture are all designed with security as a focus.



Bold’s servers are hosted on Google Cloud Platform (GCP), which is compliant with PCI DSS, ISO 27017, ISO 27001, SOC 2, and SOC 3.


All production infrastructure is monitored and logically administered by Bold’s operations team.

Physical security, power, and internet connectivity are monitored by Google.


Bold offers data centres in the United States and Canada.


Security Incident Response

In case of a system alert, events are escalated to our on-call incident handling team dedicated to specific response processes, including communication channels and escalation paths.

Dedicated security team

Our Security team is on-call 24 x 7 x 365 to respond to security incidents. We perform network security scans routinely for quick identification of out-of-compliance or potentially vulnerable systems.

and continuity


Bold maintains a publicly available status page which includes system availability details and information on scheduled maintenance.


Bold utilizes the latest in biological scaling algorithms and heuristics to determine optimal performance and network redundancies to eliminate single points of failure.

Our Disaster Recovery program ensures that services remain available or are recoverable in the case of a disaster.


Security training

On a monthly basis, Bold employees participate in security training as per compliance requirements. Additionally, our security team reviews security controls on a regular basis.

Bug Bounty

Our bug bounty program rewards security researchers for finding and disclosing vulnerabilities to us, so they can be proactively mitigated.