Wagestream is an integrated software platform that synchronizes with a company's timekeeping and payroll systems so that employees can have a real-time view of their earned wages. To help with life's unplanned financial surprises, at any time an employee can transfer earned wages to their personal bank account, instantly.


  • Real time reporting of earned wages
  • Transfer earned wages to bank account at any time


  • For employee: improved financial wellness
  • For employee: reduced need for high-cost credit
  • For employer: improve staff retention
  • For employer: improve staff productivity
  • For employer: improve recruiting


£1.75 to £1.75 per transaction

Service documents


G-Cloud 11

Service ID

9 7 1 9 3 4 2 7 8 7 6 2 3 1 2



Wagestream Support

020 8132 7400


Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to We partner with timekeeping software (also known as "rota" software) and payroll providers.
Cloud deployment model Public cloud
Service constraints N/A
System requirements
  • Access to the internet
  • Access to Android and Apple app stores

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Endevour to respond within 24 hours.
User can manage status and priority of support tickets No
Phone support No
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), 7 days a week
Web chat support accessibility standard WCAG 2.1 AA or EN 301 549
Web chat accessibility testing Part of the third party chat platform provider service provision.
Onsite support Onsite support
Support levels Every client is assigned a dedicated Client Success Manager, who is trained to provide both business and technical support. They are available every business day by telephone and email. Additionally, they are available for on-site training, integration, and troubleshooting at the client's office anywhere in the UK.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started E-mails; user guides; videos; on-site roll out.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction If users want to access their data, they e-mail support@wagestream.co.uk or contact us.
End-of-contract process Users are notified that they will lose access to the Wagestream platform at the upcoming end-of-contract date.

Minimum 30 days before the end of contract (60 if there is sufficient notice), users are placed into a limited service mode where they can continue to read and access data, but not make new transactions.

For 90 days after the end of contract, users are permitted to log in and retrieve historical data.

After 90 days, access is revoked.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems
  • Android
  • IOS
Designed for use on mobile devices Yes
Differences between the mobile and desktop service End users access the service through a mobile application; administration is conducted through desktop access.
Service interface No
What users can and can't do using the API APIs enable the employer to provide the necessary minimum information to be able to provide the service.
API documentation Yes
API documentation formats HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Clients can customize:
1. Look and feel (logo, colors, text)
2. Email templates for communications between Wagestream and users
3. Operational parameters (accessible wages, earning schedule, notification preferences, etc)

Users can customize:
1. Employee profile photo
2. Notification preferences (email, SMS, push notification)


Independence of resources We conduct ongoing weekly load testing. We simulate a multiple of the prior week's peak traffic, ensuring we are always prepared to grow by an order of magnitude over the prior week.


Service usage metrics Yes
Metrics types Utilisation, user specific usage, up-time, error rates
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Clients can export all data at any time, on-demand, through the partner portal. Export formats are CSV, HTML, PDF, or Microsoft Excel
Data export formats
  • CSV
  • Other
Other data export formats
  • Microsoft Excel
  • HTML
  • PDF
Data import formats
  • CSV
  • Other
Other data import formats
  • Microsoft Excel
  • XML

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability 2 hour SLA to receive money.
Approach to resilience Hosted on Amazon Web Services (AWS)
Outage reporting Partner Portal hosts a status dashboard for all websites, apps, platforms and APIs, as monitored by a third party.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels Management interface restricted to authorized company administrators. When a company administrator logs in with a valid username/password from a new device or IP address, they are required to re-authenticate with 2FA. A list of saved, whitelisted devices is maintained per user. When a device has not been used in 30 days it is removed from the whitelist.
Access restriction testing frequency At least every 6 months
Management access authentication 2-factor authentication

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach We comply with ISO/IEC 27001 Security Governance Standards.
Information security policies and processes We have a written information security policy that is modeled off the recommendations in ISO/IEC 27001:2005. All technical staff must read, accept, and be tested on the policy. If at any point, any member of technical staff does not pass the test, their IT access is suspended until they can prove mastery of the policy.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Code review, continuous integration and automated testing, staged "smoke" deploys, blue/green production deploys, automated metrics on each new release with automated rollback, ongoing penetration testing.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach We ensure that our entire infrastructure is virtualized and can be rebuilt in under 15 minutes. When "zero-day" exploits are identified, we are able to redeploy all infrastructure using latest patched versions. Technical operations team subscribes to multiple vulnerability disclosure sources, such as "Full Disclosure" and US-CERT.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach AWS GuardDuty with 30-minute response time 24x7x365
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Incident report policy modeled on ISO/IEC 27035-1:2016. Any client can raise a suspected incident with their dedicated Client Success Manager. If incident is verified by technology team, all customers are alerted within 24 hours. Incident notifications are provided automatically to all logged in users of the web application.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £1.75 to £1.75 per transaction
Discount for educational organisations No
Free trial available No

Service documents

Return to top ↑