Data Protection and Security

A Dedicated Team

We employ a full-time dedicated security team to manage and maintain our Information Security Management System. The business invests heavily in technology, infrastructure and staff to ensure a safe and secure environment.

External Auditing

Our solutions have been reviewed and audited by a number of organisations including extensive technical and security due diligence by local authorities, central government departments and UK banks, as well as external audits that we have funded ourselves.

Enterprise Class Security and Compliance

With a worldwide growth in cyber-security threats and an increase in data leaks and system compromises within household name organisations, we’re proud to offer in-house security capabilities typically only seen in large enterprises and specialist fields.

More about compliance


We have designed ParentPay with security in mind. We deliver end-to-end encryption from the client browser, right through to the bank.

Our developers receive regular specialist security training to ensure the continued delivery of robust, secure and trusted source code.

Tried and Tested

Our payment system is subjected to vigorous external security testing by industry leading ethical hackers highly regarded in their field. These specialists help locate any potential weak points for remediation.

Meeting requirements of GDPR

We only manage data with agreement of the data controller (the school). We use and continue to update safeguards around data handling and impose confidentiality requirements on our personnel. We will help schools meet the rights of the data subjects.

More about GDPR

PCI DSS Compliant

ParentPay is a certified Level 1 merchant, the highest level of certification under the PCI.

The PCI standard requires over 250 controls and requirements that span all areas of the business.

There are 12 high-level requirements for handling cardholder data and maintaining a secure network. Distributed between six broader goals, all are necessary for an enterprise to become compliant.

More about PCI-DSS

ISO 27001:2013 compliant

ParentPay is one of a handful of suppliers in the education sector to be awarded ISO 27001:2013 compliance certification by assessors accredited by the UK’s National Accreditation Service (UKAS). UKAS has established strict standards and practices to ensure appropriate levels of quality and independence.

More about the certification

Get Started, it’s Simple

Our experienced advisors are ready to help. They can answer any questions you may have; provide a quote for your school; or give a demonstration of our system. You can even arrange to see us in person; we’ll visit your school and show you and your staff how it all works.

Request more information