GoCardless Recurring Payments Platform - Digital Marketplace (2024)

Service scope

Software add-on or extension: Yes, but can also be used as a standalone service
What software services is the service an extension to: GoCardless has over 250 integrations with Accounting, Billing and CRM systems, such as Sage, Salesforce and Zuora.
You can search our partners here: https://gocardless.com/partners
Cloud deployment model: Private cloud
Service constraints: Very occasionally we have planned downtime for important database maintenance. Customers are notified via email well in advance of this. You can also view the status of GoCardless here: https://www.gocardless-status.com/. Uptime for the last year at the time of writing is 99.99% (1st May 2021-1st May 2022).
System requirements: Access to the internet via browser

User support

Email or online ticketing support

Email or online ticketing

Support response times

Our Customer Support team has set SLAs for response times, depending on the customer success package chosen. You can find an overview here https://gocardless.com/solutions/customer-first-support-and-services/ and in our service definition document.

We offer support by phone and email; customers on our Premium package have access to priority phone lines and 24/7 support.

GoCardless also offers an award-winning online support centre, which can be accessed below:
https://support.gocardless.com/hc/en-gb.

User can manage status and priority of support tickets

Phone support

Yes

Phone support availability

9 to 5 (UK time), Monday to Friday

Web chat support

Onsite support

Support levels

Our Support Team is based in London and provides phone and email support. Standard support is provided from Monday to Friday 9 am to 6 pm. You can find an overview here https://gocardless.com/solutions/customer-first-support-and-services/ and in our service definition document. Customers on our Premium package have access to priority phone lines and 24/7 support.

GoCardless also offers an award-winning online support centre, which can be accessed below: https://support.gocardless.com/hc/en-gb

GoCardless has won Customer Support awards for its online support services. **“Most Effective Self–Service Initiative” at European Contact Centre & Customer Service Awards * *

Support available to third parties

Yes

Onboarding and offboarding

Getting started

GoCardless offers the following help to government services get started collected payments:
- Onboarding training following a train-the-trainer model
- Getting started section including tutorials and videos by topic in the GoCardless Support Centre and Knowledge Hub: https://support.gocardless.com and https://hub.gocardless.com/
- Guide to getting started with building an API integration: https://developer.gocardless.com/getting-started

Service documentation

Yes

Documentation formats

HTML

End-of-contract data extraction

- Extract customer/mandate data via the 'bulk change' process of migrating your customers' mandates from GoCardless to another Direct Debit provider (free of charge).

- Run and export payment and mandate reports (including dates, amounts and other historic information regarding payments taken, payments attempted, mandates setup and any additional customer information, such as unique reference numbers) in .csv format.

End-of-contract process

We offer rolling and fixed-term contracts.

To cancel the contract, simply email your Account Manager, or our Support Team on [email protected], requesting for your account to be terminated.

The contract will then be cancelled in accordance with its terms, and fees will discontinued as appropriate.

There are no cancellation fees, and no other associated fees with cancelling the service.

We will 'bulk change' / migrate your customers from GoCardless to another Direct Debit provider at the point of service termination for free, if required.

Using the service

Web browser interface

Yes

Supported browsers

Microsoft Edge
Firefox
Chrome
Safari
Opera

Application to install

Designed for use on mobile devices

Yes

Differences between the mobile and desktop service

The GoCardless website is responsive to ensure it can be used across all devices.

Service interface

Yes

User support accessibility

None or don’t know

Description of service interface

Dashboard & API

Accessibility standards

None or don’t know

Scaling

Independence of resources: We apply a rate limit to all API requests, to prevent excessive numbers of simultaneous requests from an individual integrator degrading the API experience for others. Currently, this limit stands at 1000 requests per minute, per merchant. If you are making requests from a partner integration (on behalf of a merchant), the rate limit is 1000 requests per minute per merchant. See rate limiting https://developer.gocardless.com/api-reference/#making-requests-rate-limiting

Analytics

Service usage metrics: No

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Other security clearance
Government security clearance: None

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom

European Economic Area (EEA)

Other locations
User control over data storage and processing locations: No
Datacentre security standards: Managed by a third party
Penetration testing frequency: At least once a year
Penetration testing approach: Another external penetration testing organisation
Protecting data at rest: Encryption of all physical media

Other
Other data at rest protection approach: We use data centres that comply with SSAE-16 / ISAE 3402
Data sanitisation process: Yes
Data sanitisation type: Explicit overwriting of storage before reallocation
Equipment disposal approach: In-house destruction process

Data importing and exporting

Data export approach: Merchant end users can export their payment and mandate creation reports to an Excel file.
Data export formats: CSV
Data import formats: CSV

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)
Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability

We have an SLA for platform availability, with the top level of availability being 99.9%. We provide provide service credits in the result of it not being met, on a sliding scale.

Uptime for the last year at the time of writing is 99.99% (1st May 2021-1st May 2022).

Approach to resilience

Available on request.

Outage reporting

Updates in live time are available at:
https://www.gocardless-status.com/

Merchants are notified via email in advance for scheduled outages.

Identity and authentication

User authentication needed: Yes
User authentication: 2-factor authentication

Username or password
Access restrictions in management interfaces and support channels: GoCardless admin users need to be on company VPN and use two-factor authentification;
Infrastructure access is also under VPN and on a per-user basis.
Access restriction testing frequency: At least every 6 months
Management access authentication: 2-factor authentication

Audit information for users

Access to user activity audit information: No audit information available
Access to supplier activity audit information: No audit information available
How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: The British Assessment Bureau
ISO/IEC 27001 accreditation date: 23/09/2016
What the ISO/IEC 27001 doesn’t cover: We can provide the Statement of Applicability that accompanies our ISO 27001 certification, on request.
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: No
Cyber essentials plus: No
Other security certifications: No

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001
Information security policies and processes: Security work is coordinated by a designated group of managers and specialists which meets quarterly to assess the effectiveness of ongoing internal audits and security risk management. It is formed of individuals from different business functions, the majority being engineering staff. Progress is periodically reported to the Chief Product and Technology Officer. A security performance report is submitted annually to the CEO and the senior management team for review.

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: Technical changes and their impact on security are evaluated as part of the project scoping and delivery workflow. Mandatory peer reviews of code and technical stability is evaluated through unit and integration testing.
Code and configuration files are managed using Github for version control, shared ownership and code review.
Software changes are integrated continuously including automated evaluation of code quality and running of unit and integration tests.
All urgent security patches are applied immediately and other updates as soon as reasonably practical.
Business and compliance changes are evaluated as part of routine weekly senior management meetings and quarterly Board meetings.
Vulnerability management type: Undisclosed
Vulnerability management approach: We use a third party.
GoCardless applies all urgent security patches immediately and applies other updates as soon as reasonably practical.
Protective monitoring type: Supplier-defined controls
Protective monitoring approach: In the event of a serious incident, GoCardless will inform affected merchants and partners without undue delay, providing a summary of the extent, expected impact and status of the incident. Details for contacting GoCardless about that incident will be communicated with that information. Status updates will follow at regular, frequent intervals that will be determined during triage of the incident.
Incident management type: Undisclosed
Incident management approach: A team of experienced site reliability engineers is responsible for responding to technical and security incidents, and they follow a pre-defined process. The duty engineer role rotates weekly and the designated engineer is available to respond 24/7. Additional members of the team, including engineering managers can be contacted in the event of a particularly complex incident. Users can report issues via our normal support channels.

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks: No

Social Value

Fighting climate change: Fighting climate change

We are committed to reducing our impact on the environment and to leaving a more sustainable world for future generations.
In 2021, we became co-founders of the Tech Zero coalition, a group of businesses committed to taking climate action as part of the UNFCC Race To Zero. Since then, we became signatories of Business Ambition for 1.5°C, committing to set both short-term and long-term emissions reductions in line with the Science Based Target initiative Net Zero standard.
We have launched Sustainability Strategy and Net-Zero action plans. These set out our long-term strategy of not only reducing our impact, but seeking opportunities to create positive change.
This also sets out our Science Based Targets for 2027 (short-term target) and 2035 (Net-zero).
Our Net-Zero action plan outlines how we plan to reduce our emissions and reach these targets by working with our customers, suppliers, and our employees.
We are continuously measuring and reviewing our progress. We are also creating tools to help our business partners to also create sustainability plans.
Additionally, we have reduced our market based scope 1 & 2 emissions by 90% since 2019 (in 2022 this reduction will reach 99%), and have developed a pilot project with one of our customers (the Big Clean Switch) to ensure the energy from customers' use of our product - alongside home working energy - is either provided by renewable energy, or matched.
You can read more about our sustainability initiatives, and find our action plans as well as other resources, here: https://gocardless.com/sustainability
Equal opportunity: Equal opportunity

We want GoCardless to be a diverse, inclusive and fair workplace for all and so we have increasingly placed a focus on Diversity and Inclusion (D&I). Our ambition is to look beyond pure demographics and foster a culture where true diversity of thought is nurtured and recognised as adding undeniable value to how we do business.
As part of this, GoCardless continuously reviews both our hiring processes and channels to eliminate bias. We’ve introduced programs that attract diverse talent and we continuously seek to create hiring experiences that are fair, transparent and accessible by all.
We are working on creating a transparent framework for how we grow and develop talent in a scaling organisation. This will include bringing more clarity on internal career opportunities and provide clear expectations on the behaviours we want to see aligned to our values and commitment to building an inclusive organisation.
Additionally, the introduction of systematic processes helps us ensure compensation decisions are data-driven, fair and competitive. We have also invested in Reward capability and expertise to ensure we bring pay equity into every step of the employee journey.
Lastly, GoCardless has volunteer employee resource groups (ERGs) to promote BEAM, gender equality, LGBTQIA+, and accessibility interests across the company, as well as give employees a community of people with whom they share experiences and interests.
You can read more, and find our gender pay gap report, here https://gocardless.com/about/diversity-inclusion
Our latest blog post on our gender pay gap report can be found here: https://gocardless.com/blog/en-gb-gocardless-gender-pay-gap-report-2020-21
Wellbeing: Wellbeing

Much of our focus on our employee's wellbeing overlaps with our equal opportunity initiatives above. In addition to our answers there we’ve been providing activities such as lunchtime yoga and pilates, flexible working, team lunches (and lunch roulette), as well as weekly/monthly town halls for years. We also provide run ad-hoc events, such as providing employees with a takeaway allowance allowing them to eat virtually together.
We adopted hybrid working (ie. with employees in the office and remote) since before the coronavirus pandemic, and will continue to work on our model in line with international feedback.
Employees are encouraged to talk to line managers about any concerns they have, as well as being able to submit questions in town halls to be answered by senior staff.
We provide an annual learning allowance in partnership with Learnably, and run an annual career development week in combination with ad-hoc events.
Employees are able to join remote exercise sessions, and we run a range of mental health & wellbeing events throughout the year.

Pricing

Price: £4,800 a licence a year
Discount for educational organisations: No
Free trial available: No

Service documents

Pricing document

PDF
Service definition document

PDF
Terms and conditions

PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at [email protected]. Tell them what format you need. It will help if you say what assistive technology you use.