User protection

Safeguarded payment environment

Protecting users is part of our DNA. Our teams thoroughly analyse the regulatory landscape to not only stay ahead of the latest changes but also go the extra mile.

Full control for full compliance

Our specialists go one step further to protect users.


    Regular audits ensure that no sensitive card payment data is stored within our environment. We are a certified Level 1 PCI merchant.

  • GDPR

    Fully compliant with recent data protection regulation, we strictly use data for payment necessities and never monetise it.

  • DSP2

    Our European banking licence and close collaboration with our local regulator ensure compliance with DSP2 requirements and the latest payment directives.

Exclusive security system

We protect data the instant it enters our system.

  • Safe servers

    Our bare-metal and redundant servers in two certified tier IV datacenters guarantee reliable and secure data treatment.

  • Secure bank account

    Funds are held on our escrow account to ensure their availability while relieving you of the associated regulatory burden.

  • Authenticated API calls

    Every API call is authenticated thanks to our secure encryption.

  • Internal scans

    Regular checks by our specialists and penetration tests by certified auditors ensure our compliance with banking standards and regulation.

  • Tokenised card data

    Payment data is encrypted to ensure that payment details may be kept for future use in a secure environment.


Frequently asked questions


Are card details stored within MANGOPAY's system?

No. Card details are not present within our system. However, we tokenise sensitive data to efficiently process payments. This allows for a secure and trustworthy...

Can I request that user data be deleted?

Yes. You can request a user's data to be deleted. However, European anti-money laundering and terrorist financing regulation requires some data to be stored for...

Does MANGOPAY provide platforms with PCI DSS certificates?

No. We fully comply with PCI DSS requirements. Platforms should ensure that they also comply by completing the appropriate checks, including the Self-Assessment Questionnaire.