Trust Center

Start your security review
View & download sensitive information
Ask for information
Search items

The security of our customers and business partners is our priority. Affirm maintains a security program designed to protect sensitive data, respond resiliently to cybersecurity threats, and meet regulatory and industry requirements wherever we offer our services.

Established standards such NIST CSF, NIST 800-53, PCI DSS, and AICPA trust services criteria inform our program and serve as frameworks for benchmarking our security. We use independent third parties to audit our compliance, and we regularly engage external security experts to test our systems.

Start your security review
View & download sensitive information
Ask for information



Affirm takes care in building websites and apps that are safe for customers to use. Our developers continuously work to improve our code and review it for flaws, and we use web application firewalls to stop potential attacks online.

Affirm keeps personal information confidential through using industry-standard encryption both in transit on the internet and at rest on our systems.

Affirm uses tools and technologies to identify and respond to suspicious activity on our systems, like unusual login attempts.

Affirm hosts its systems in state-of-the-art data centers that maintain strict controls around access, redundancy, and environmental hazard protections.

Affirm engages trusted firms to conduct in-depth third-party audits of our security throughout the year. We are a PCI DSS Level 1 Service Provider for processing cardholder data, and maintain SOC 1 and 2 Type 2 reports in accordance with the AICPA.

Knowledge Base

to view and search through answers to common questions

If you need help using this Trust Center, please contact us.

If you think you may have discovered a vulnerability, please send us a note.

Powered bySafeBase Logo