Compliance & trust

Built to a regulator's bar.

Wizzily handles regulated workflows for brokers in IE and the UK. The platform's compliance posture is a product feature — every quote is sourced, every claim is dated, every action is logged. The audit log is what makes the savings number you put in front of a merchant defensible.

Payments

PCI DSS by design

No card data ever lands on Wizzily. Card acceptance is service-provider-side — Paynt's app captures the tap, Rapyd's gateway captures the e-commerce transaction. Wizzily is the operating layer in front, not a processor.

  • Self-assessment SAQ-A scope (we never touch PAN data).
  • Document blobs encrypted at rest (Active Storage with disk-level encryption in production).
  • Every operator action logged, immutably, for 7 years.

UK

FCA financial-promotions & ASA savings claims

When you put "you save €X / month" in front of a merchant, you'd better be able to defend it. Wizzily records every input that produced that figure — the merchant's transaction mix, the offer revision in force, the current-provider rates supplied — and stores it on the quote row itself.

  • Every savings claim is dated, sourced, individualised — never against a generic benchmark.
  • Offer revisions are append-only. The rate card in force at quote-time is always recoverable.
  • Quote PDFs (when generated) carry the same audit trail as the email and the in-app view.

Ireland

CBI Consumer Protection Code

For Irish merchants, the Central Bank of Ireland's Consumer Protection Code sets the bar on suitability assessment, disclosure and complaint handling. Wizzily's workflows surface the suitability inputs (volume, mix, channel) explicitly so the placement reasoning is captured, not implicit.

  • Service provider recommendation derived from explicit merchant inputs, not opaque scoring.
  • Operator overrides recorded with reason — every deviation from the engine's recommendation is auditable.
  • Status field on every lead — Won / Lost / In review — for portfolio review.

Data

GDPR — data-controller posture

Wizzily holds merchant business details and the documents the acquirer requires for sign-up — until hand-off. After hand-off, KYC data lives with the acquirer. Wizzily retains the operational record (who referred whom, what was quoted, what was sent) but not the personal documents indefinitely.

  • Data controller for operational records; service provider is controller for post-hand-off KYC.
  • Encryption at rest for sensitive attributes and document blobs.
  • Audit log retained 7 years per regulatory guidance.
  • Per-tenant data isolation enforced at the application layer (every domain table scoped by tenant_id).

Always-on

The audit log is the proof

Every quote-send, override, document access, lead status change, statement import and invoice send writes an immutable entry. CSV exportable. When a regulator asks how the savings number was arrived at, the answer is in one query.

In your operator console: Audit log in the sidebar. Filterable, exportable, never editable.

If your team includes a financial-services solicitor or compliance officer, please send them this page — we welcome the scrutiny.

Reach us: john@wizzily.com.

Get a White-label Partnership Management Platform.

Find out more about how our AI-powered Partnership Management Platform can drive sales and help you grow your team of referral partners.