How is the data stored and how does Subaio protect it?


Subaio works with a lot of data so, of course, security is our number one priority. We work with payment data in various forms, so having a secure service is really our top priority. And we have a whole area of different bank engineers working for us building this platform, so this is built by bank engineers for bank engineers.

But the service is not just secure, it’s also flexible. So if you are a bank and you want to have this service within your environment, you have different choices when it comes to just the hosting part where you want the data to be hosted.

You can host it on your own on an on-prem solution, or you can host it in a private cloud, which most of our clients are doing at the moment, or you can host it on a public cloud. On our side we are regulated by various different entities within the European Union and some of them are the FSAs of different countries. We have our own ISAE 3402 certification as well, and this ensures that we have the documentation for our different processes, but it also ensures that we're managing our different processes on a daily, weekly, monthly basis. And, of course, we have our AISP license as well, which makes it possible for us to work on PSD2 aggregated data.

When it comes to how we then handle this type of data… We basically get the data in on one side and then we take it out on the other side. That's of course simplifying everything, but that's basically what happens, because Subaio is a data processor. We don't store the data and we don't handle sensitive customer information, so we say a big no to PII. We don't store any PII and we don't handle it, and that means that we are a data processor, and we're also giving all the data to you.

This means that the service that we provide is yours. It's you – the bank – that is giving the service to your customers. This also means that you are not in need of a lot of different screens for an onboarding process. You don't need that lengthy onboarding process with customers saying yes to a bunch of new terms and conditions, because this is your feature. This is your way of serving your clients. So all these different parts, they're simply not needed.

When it comes to PII, just to show you how we're actually not storing any of these things, it's pretty simple. On the bank side you have, for instance, a customer. Let's call him Peter Smith. Peter Smith has an ID number, and on our side we only know that ID number, so we don't know anything about Peter. We don't know his age, we don't know his name, we don't know his gender. All we have is this ID number, and we mirror that ID number into your database, and that means that you're the only one that knows that Peter Smith is actually behind that ID number. This is very important when it comes to delivering the service to your clients, and also deploying it quickly into your environment, and trusting that we, on our side of course, are the ones that are able to handle this data in a secure way while also making it flexible.

So just to recap what Subaio is and can do when it comes to handling your data and protecting it as well. We are a very, very customisable solution. Very much on the hosting side you’re the one deciding exactly how you want us to be able to handle the data. 

The second part is that we are highly secure. So this is built by bank engineers for bank engineers. And thirdly, we are delivering a bunch of happy customers for you, because this is your product, this is your service delivering it to your customers, and you are the one getting all the glory out of helping your customers with their subscriptions, both the overview and also the cancellation part.