Our Data Principles
At Fidel, we ground everything we do in our Data Principles. They act as Fidel’s north star, guiding all aspects of our business from how we approach user consent, store and process data, to how we manage our client relationships.
Following those principles, Fidel’s technology now powers a myriad of next generation applications and some of the sleekest real-time, payments-led user experiences in the market today. Our APIs are live in three continents, with more markets in the works, and we partner with clients ranging from ambitious startups to large enterprises like British Airways, Royal Bank of Canada and Google.
Throughout Fidel’s growth, we’ve remained acutely aware of the responsibility that comes with safeguarding user data. To us, being innovative and reliable are not mutually exclusive concepts. Rather, they carry equal weight.
The Fidel API Data Principles
1 | You’re in control of your data and we will only share it with your consent
It all starts with control. Any card data we capture is handled with explicit cardholder consent, ensuring that the end-user is fully aware of the way their data is being used, by whom and for what purpose. We ensure that the cardholder can, at any time, choose to stop sharing their data and unlink their card. If this election is made, Fidel stops tracking transactions with immediate effect. Simple.
Fidel SDKs are easy to build with, and provide a clear, transparent and user-friendly way of managing cardholder consent. Once one of our clients has been approved by Fidel and our network partners, they are only able to view a cardholder’s transaction data with explicit consent, as well as the participating merchants’ consent.
2 | We believe you should be the ultimate beneficiary of your data
Fundamentally, we unlock the value of real-time transaction data. This is done by providing the tools for developers to build programmable user experiences that deliver real benefits for cardholders. Specifically, Fidel APIs enable developers to engage with cardholders in real-time, so applications built with our tools can support a diverse set of solutions. Fidel-supported applications can include valuable experiences to reward customer loyalty such as creating locally-conscious reward programs that encourage neighbourhood spending to powering certain expense management solutions that revolutionize processing.
3 | We hold our partners and clients to the same standards as ourselves
We only partner with those who share and uphold our commitment to data privacy and security. We rigorously adhere to any and all relevant data protection laws and policies from European GDPR guidelines to the Californian CCPA laws - and we expect the same from all of our partners. We also ensure that our clients are reputable businesses with robust systems and privacy policies in place, which starts with in-depth T&C and privacy policy reviews of every business we work with, as well as ongoing monitoring of data use.
4 | We safeguard and keep your data secure
We maintain systems that are resilient against cyber attacks, monitor suspicious activity and safeguard card data via a robust encryption process called 'tokenization.’
Instead of holding the user’s card number, we mask it by assigning an encrypted token as an identifier. As the majority of our clients use our SDKs, this means that card information isn’t stored or kept anywhere and the client servers or applications are not exposed to sensitive information. This keeps transaction data secure and card numbers untouchable. In circumstances where some of our clients opt not to use our SDKs they must demonstrate full PCI compliance when enrolling cards themselves.
5 | We ensure that privacy design principles are at the core of our API and all our data products
By weaving clear consent rules and data encryption into our API toolkit, our clients are able to build best-in-class user journeys that are always on the cardholders’ terms and operate only within their permissions. The aim of all Fidel products is to allow developers to build new and innovative experiences that stretch possibilities, without compromising on security.
*****
We know that cardholders and merchants trust us with their data. Our clients trust us to provide secure tools for them to build with. Our network partners trust us to safeguard data. Honoring and preserving the trust of these stakeholders is at the core of our business, and allows our clients to tap into the real power of financial data and build engaging, immersive products around real-time payment events.
If you’d like to learn more about some of the key concepts tied to our data principles, head to our documentation pages for more detail.