Trust & security

A collection is other people's money and other people's kind words. Here's how we look after both.

Your card details never touch our servers

Payments are processed by regulated payment partners (currently Stripe, an FCA-authorised payment institution). Card details go directly from your browser to the payment provider over encrypted connections — Hey Friday never sees, stores, or transmits your card number. Apple Pay works the same way, using device-level tokenisation.

Every payment is screened

Every contribution runs through fraud screening — device intelligence, bot detection, and risk scoring — before it's accepted. It happens in the background in milliseconds; genuine contributors never notice it.

We verify identities before money moves

Organisers go through identity verification (the same document-and-face checks used by banks) so a collection can only be redeemed by a verified, real person. It's a small step for organisers and a big barrier for anyone trying to misuse a collection.

A full ledger of every penny

Every contribution, fee, and payout is recorded in a double-entry ledger, so each collection's pot is accounted for to the penny at all times. Contributors get an emailed receipt for every payment, and organisers can see exactly what's in the pot from their dashboard.

Your data stays yours

We handle personal data under UK GDPR: we collect the minimum we need to run a collection, we don't sell it, and we strip personal information from our own diagnostic and monitoring systems. The full detail — what we collect, why, and how long we keep it — is in our privacy policy.

If something goes wrong

Refunds go back to the original payment method — see our refunds & complaints policy. And if you ever spot something that doesn't look right, email support@heyfriday.co.uk and a human will look at it.

Questions about any of this?

We're happy to go into as much detail as you like.

Contact us