GoCardless is the UK’s leading Direct Debit provider, enabling over 20,000 organisations to take recurring payments however and whenever they want to.
In government, our clients include the DVSA, the Cabinet Office, as well as Peterborough, Harrow and South Kesteven Councils.
Other customers include the Guardian, Thomas Cook and Virgin.
- Online, phone and paper customer signup forms.
- No setup costs or fees for cancellations, failures or chargebacks.
- Flexible payments; collect on any day of the month.
- Take one off payments, or setup subscriptions.
- Access to industry leading API including webhooks and client libraries.
- Connect using pre-built integrations billing and CRM systems, including Jadu.
- Bacs approved and ISO27001 certified, FCA regulated.
- Pay only for successful transactions.
- Real-time notification of failed or cancelled payments.
- Ability to retry failed payments.
- Streamline your business systems with our off-the-shelf integrations, including Jadu.
- Build your own custom integration with our industry-leading API.
- Improve customer experience: simple online sign-up form, no paperwork.
- Reduce churn: no more expired/cancelled credit cards and failed payments.
- Less admin: automated payment collection and real-time payment status notifications.
- Save time with automatic renewals: no more chasing repeat payments.
- Improve customer support: instant notifications on payment failures and cancellations.
- Reduce payment failure rates with automatic bank account verification checks.
- Hassle free compliance: off-the-shelf online payment pages and email notifications.
- Own branded payment flow: option to customise payment pages/email notifications.
£0.10 to £0.60 per transaction per month
020 8338 9537
|Software add-on or extension||Yes, but can also be used as a standalone service|
|What software services is the service an extension to||GoCardless has over 100 off-the-shelf integrations with Accounting, Billing and CRM systems.|
|Cloud deployment model||Public cloud|
|Service constraints||Very occasionally we have scheduled downtime for important database work. Customers are notified via email well in advance of this.|
|System requirements||Access to the internet|
|Email or online ticketing support||Email or online ticketing|
|Support response times||All customer support emails are responded to within 1 business day|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
Our Support Team is based in London and provides phone and email support from Monday to Friday 9 am to 6 pm. This support is provided as standard to all customers, free of charge. We also provide additional specialist technical support for our API users - also free of charge.
Larger customers and those using our Pro package are also assigned a dedicated account manager to support their requirements.
|Support available to third parties||Yes|
Onboarding and offboarding
GoCardless offers the following help to customers getting started with our service:
- Account set up guided steps in the GoCardless Dashboard
- Getting started section including tutorials and videos by topic in the GoCardless Support Centre: https://support.gocardless.com
- Guide to getting started with building an API integration: https://developer.gocardless.com/getting-started
|End-of-contract data extraction||
- Extract customer/mandate data via the 'bulk change' process of migrating your customers' mandates from GoCardless to another Direct Debit provider (free of charge)
- Run and export to Excel payment and mandate reports (including dates, amounts and other historic information regarding payments taken, payments attempted, mandates setup and any additional customer information, such as unique reference numbers).
There is no minimum contract for our standard plan as the fees are per transaction with no fixed payment. For our Plus and Pro plans there is a 30 day rolling contract
To cancel the contract, simply email your Account Manager, or our Support Team on firstname.lastname@example.org, requesting your account to be terminated.
The contract will then be cancelled 30 days post this notice, and fees will discontinue beyond this point.
There are no cancellation fees, and no other associated fees with cancelling the service.
We will 'bulk change' / migrate your customers from GoCardless to another Direct Debit provider at the point of service termination for free, if required.
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||The GoCardless website is responsive to ensure it can be used across all devices.|
|Accessibility standards||None or don’t know|
|Description of accessibility||The GoCardless platform provides an API to allow you to build our payment capability into your overall customer facing solution. You are free to build your website and applications to address these standards. Separately, we are working to ensure our public-facing website and account admin interface meet these standards.|
|Accessibility testing||The GoCardless platform provides an API to allow you to build our payment capability into your overall customer facing solution. You are free to build your website and applications to address these standards. Separately, we are working to ensure our public-facing website and account admin interface meet these standards.|
|What users can and can't do using the API||
The GoCardless API allows you to create a custom integration connected to your existing software in the way that you want to.
To use our API, customers sign up for a GoCardless account and create an access token which provides access to our API.
Requests can then be submitted to our API by providing this access token when sending an HTTP request.
GoCardless provides clear API documentation, pre-built code samples for popular programming languages and a free sandbox testing environment. We also provide free technical support for any questions.
|API documentation formats||HTML|
|API sandbox or test environment||Yes|
|Description of customisation||
GoCardless allows you to create a fully customised payment solution. Our modern API enables you to build a custom integration into your existing business systems. This customised solution includes:
1. Own brand payment pages and end customer notification emails.
2. Your name on the customer's bank statement.
|Independence of resources||We rate-limit the number of API requests for each merchant. All merchants have the same requests limit (we don't provide merchants with custom rate limits / everyone has the same level of the service).|
|Service usage metrics||No|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||None|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||No|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||Encryption of all physical media|
|Data sanitisation process||Yes|
|Data sanitisation type||Explicit overwriting of storage before reallocation|
|Equipment disposal approach||In-house destruction process|
Data importing and exporting
|Data export approach||Merchant end users can export their payment and mandate creation reports to an Excel file.|
|Data export formats||CSV|
|Data import formats||CSV|
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||IPsec or TLS VPN gateway|
Availability and resilience
|Guaranteed availability||We have an SLA for platform availability, with the top level of availability being 99.9%. We provide provide service credits in the result of it not being met, on a sliding scale.|
|Approach to resilience||Available on request|
Updates in live time are available at:
Merchants are notified via email in advance for scheduled outages.
Identity and authentication
|User authentication needed||Yes|
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||
Admin users need to be on company VPN;
Infrastructure access is also under VPN and on a per user basis.
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||Dedicated link (for example VPN)|
Audit information for users
|Access to user activity audit information||No audit information available|
|Access to supplier activity audit information||No audit information available|
|How long system logs are stored for||Between 1 month and 6 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||Certification Europe (UK) Ltd|
|ISO/IEC 27001 accreditation date||23/09/2016|
|What the ISO/IEC 27001 doesn’t cover||.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security accreditations||No|
|Named board-level person responsible for service security||Yes|
|Security governance accreditation||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||Security work is coordinated by a designated group of managers and specialists which meets quarterly to assess the effectiveness of ongoing internal audits and security risk management. It is formed of individuals from different business functions, the majority being engineering staff. Progress is periodically reported to the Chief Product and Technology Officer. A security performance report is submitted annually to the CEO and the senior management team for review.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
Technical changes and their impact on security are evaluated as part of the project scoping and delivery workflow. Mandatory peer reviews of code and technical stability is evaluated through unit and integration testing.
Code and configuration files are managed using Github for version control, shared ownership and code review.
Software changes are integrated continuously including automated evaluation of code quality and running of unit and integration tests.
All urgent security patches are applied immediately and other updates as soon as reasonably practical.
Business and compliance changes are evaluated as part of routine weekly senior management meetings and quarterly Board meetings.
|Vulnerability management type||Undisclosed|
|Vulnerability management approach||
We use a third party.
GoCardless applies all urgent security patches immediately and applies other updates as soon as reasonably practical.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||In the event of a serious incident, GoCardless will inform affected merchants and partners without undue delay, providing a summary of the extent, expected impact and status of the incident. Details for contacting GoCardless about that incident will be communicated with that information. Status updates will follow at regular, frequent intervals to be determined on the day.|
|Incident management type||Undisclosed|
|Incident management approach||A team of experienced site reliability engineers is responsible for responding to technical and security incidents, and they follow a pre-defined process. The duty engineer role rotates weekly and the designated engineer is available to respond 24/7. Additional members of the team, including engineering managers can be contacted in the event of a particularly complex incident. Users can report issues via our normal support channels.|
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||No|
|Price||£0.10 to £0.60 per transaction per month|
|Discount for educational organisations||No|
|Free trial available||No|
|Pricing document||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|