Bridge is a payment institution accredited and supervised by the Prudential Control and Regulation Authority (ACPR). As such, the institution complies with current regulations relating to the provision of account information services and payment initiation services.
Bridge places great importance on the protection of personal data and respect for the privacy of its clients and users.
The data is fully secured and processed in compliance with the General Data Protection Regulation (GDPR).
You will find more information regarding the personal data collected and the processing carried out on the dedicated page.
External and Internal Audits
To ensure optimal security, the API and the web application are subjected to rigorous quarterly audits conducted by external experts. Additionally, a dedicated internal team continuously audits the architecture and code.
Confidential data is encrypted in transit or at rest using AES256.
Access to encryption keys is strictly controlled and maintained with full traceability reviewed quarterly.
Security of Transmissions
All data are encrypted at rest and in transit using protocols such as TLS 1.2.
The REST API uses HTTPS exclusively.
The HTTPS protocol is systematically used to ensure the encryption of data between the API server and the end client’s server.
Also known as a bug bounty program, the program is operated via HackerOne, which brings together over 200 security researchers from around the world. It allows for the collective assurance of optimal security of Bridge’s information systems.