SOC 1 compliance

Bankful is committed to secure, compliant, and reliable operations—so you can trust every transaction. We’ve completed our SOC 1 Type 1 audit, which confirms that our internal controls are designed to support accurate financial reporting and protect merchant data.

What is SOC 1 and why does it matter?

SOC 1 is a third-party audit that verifies how companies handle financial data. For platforms like Bankful, it shows that we have the right controls in place to ensure accurate transaction handling, reliable reporting, and secure system operations.

This matters to merchants because the way we process, route, and reconcile transactions directly affects your accounting and cash flow.

What was audited?

The audit covered the Bankful Payment Platform and Infrastructure System, including how we manage:

  • Merchant and partner onboarding
  • Transaction routing and refunds
  • Access controls (physical and digital)
  • System monitoring and incident response
  • Change management
  • Partner payouts
  • Business continuity and risk planning

Does Bankful store card data?

If a merchant communicates displeasure or challenges the refund decision or process, they can submit an appeal via normal support channels. If the merchant communicates an intent to take legal action or to engage consumer protection bureaus, all subsequent communications should be managed by the head of operations or escalated further, depending on the size/value of the account. Enterprise-level merchant complaints, for example, should be managed by the Compliance Officer.

How does Bankful keep data safe?

We apply a full set of industry-standard security measures to protect your data and ensure platform reliability, including:

  • Encryption at rest and in transit
  • Multi-factor authentication (MFA)
  • Quarterly access reviews
  • 24/7 monitoring with alerts and intrusion detection
  • Regular risk assessments and vulnerability scans
  • Disaster recovery testing across multiple U.S. AWS regions

Who oversees security?

Bankful has a dedicated Security Officer who leads our security program. Oversight is provided by a Security Steering Committee, with regular reporting to our executive team and Board of Directors.

How are system changes and incidents handled?

All changes to our production systems are:

  • Approved by IT leadership
  • Logged, tested, and validated before release
  • Performed only by authorized personnel under strict access controls

If an incident occurs, we follow a documented response plan that includes escalation, investigation, and—if required—notification in line with legal and contractual requirements.

Accessing Bankful’s SOC 1 Type II Report

Because the SOC 1 report includes sensitive operational details, it is available only under NDA to qualified customers and partners.

To request access, please contact support@bankful.com.

Disclaimer

This page is for informational purposes only and does not constitute legal or compliance advice. Refer to your merchant agreement and official documentation for full details.

Bankful’s commitment to security and assurance

From underwriting and transaction monitoring to settlement and reporting, Bankful’s systems are built on integrity, precision, and protection. Completing the SOC 1 Type II audit reinforces our continued investment in secure infrastructure and transparent operations—so merchants can focus on growth, not risk.