Security Policy

Last Updated: January 4, 2026

At PaidUp, security is fundamental to everything we do. As a financial technology platform handling earned wage access, we implement industry-standard security measures to protect your personal and financial information.


How We Protect Your Data

Secure Infrastructure

  • All data is encrypted in transit using industry-standard HTTPS/TLS
  • Database records are encrypted at rest
  • Backend services hosted on secure cloud infrastructure with enterprise-grade security
  • Mobile app distributed through official Apple App Store and Google Play Store channels

Access Controls

  • Employee access limited to only what's necessary for their role
  • Multi-factor authentication required for internal systems
  • Regular security updates and patches applied to all systems

What We Don't Store

We never see or store your sensitive financial information:

  • ❌ Bank account numbers
  • ❌ Routing numbers
  • ❌ Full debit card numbers
  • ❌ Card CVV/security codes
  • ❌ Social Security Numbers

All financial account information is collected and securely stored by our payment processor, Stripe Connect. We only receive tokenized references and the last 4 digits of your accounts for display purposes.


Trusted Security Partners

We rely on industry-leading, certified providers to handle sensitive operations:

Payment Processing

  • Stripe Connect - PCI DSS Level 1 certified payment processor
    • You enter your bank and card information directly with Stripe, not PaidUp
    • Handles all secure storage of financial account data
    • Processes wage advance transfers

Identity & Authentication

  • Clerk - SOC 2 Type II compliant authentication
    • Manages password security and user sessions
    • Handles credential storage with industry-standard encryption

Communication & Verification

  • Twilio - Phone and email verification
    • Sends verification codes during account setup
    • No long-term storage of message contents

Error Monitoring

  • Sentry - Error tracking and diagnostics
    • Automatically scrubs sensitive data before transmission
    • Helps us identify and fix bugs quickly

All partners are contractually obligated to protect your data and comply with applicable security and privacy regulations.


Pilot Program Notice

PaidUp is currently operating as a Pilot Program with a limited set of employers. During this phase:

  • We maintain conservative limits and manual review processes
  • We're continuously improving our security practices based on real-world usage
  • We provide direct support channels for rapid issue resolution

As we scale beyond the pilot, we're committed to:

  • Regular third-party security audits
  • Enhanced fraud detection systems
  • SOC 2 Type II certification
  • Bug bounty program for responsible security research

Your Responsibilities

Protect Your Account

  • Use a strong, unique password
  • Never share your login credentials with anyone
  • Log out on shared devices
  • Keep your email and phone number up to date

Watch for Scams

  • We will never ask for your password, bank account number, or SSN via email or SMS
  • Always verify you're using the official PaidUp mobile app
  • Contact support@trypaidup.com if you receive suspicious communications

Report Issues Immediately

Contact us at support@trypaidup.com if you notice:

  • Unauthorized access to your account
  • Transactions you didn't initiate
  • Unexpected account changes
  • Suspicious messages claiming to be from PaidUp

Reporting Security Vulnerabilities

We welcome responsible disclosure of security issues.

To report a vulnerability:

Email: security@trypaidup.com

Please include:

  • Description of the issue
  • Steps to reproduce (if applicable)
  • Your contact information for follow-up (optional)

What to expect:

  • Acknowledgment within 48 hours
  • Updates on our investigation
  • Credit for responsible disclosure (if desired)

Please don't:

  • Publicly disclose the issue before we've addressed it
  • Access or modify data that doesn't belong to you
  • Harm PaidUp or our users in any way

We commit to working with security researchers in good faith.


Privacy & Data Practices

Data We Collect

We only collect information necessary to provide our services:

  • Employment information (from your employer)
  • Identity verification data (name, email, phone)
  • Transaction history
  • Basic usage data

See our full Privacy Policy for details.

Data Sharing

We share data only as necessary:

  • With your employer's payroll system (for direct deposit coordination)
  • With our service providers listed above
  • When required by law

We do NOT:

  • Sell your information
  • Use it for advertising
  • Share it for marketing purposes

Regulatory Compliance

We comply with applicable laws and regulations, including:

  • Electronic Fund Transfer Act (EFTA) and Regulation E
  • Gramm-Leach-Bliley Act (GLBA)
  • State privacy laws (CCPA, VCDPA, CPA, etc.)

Contact Information

General Support: support@trypaidup.com

Security Issues: security@trypaidup.com

Privacy Requests: privacy@trypaidup.com

Website: www.trypaidup.com


Limitations

While we use industry-standard security measures, no internet-based system is 100% secure. We cannot guarantee absolute security, but we commit to:

  • Using commercially reasonable security practices
  • Promptly addressing identified vulnerabilities
  • Communicating transparently about security incidents
  • Continuously improving as we grow

For complete terms, see our Terms of Service.


Thank you for trusting PaidUp. We take your security seriously and are committed to protecting your information.