Defense in Depth
Multiple layers of controls protect every aspect of our infrastructure—from network perimeters to application code and data storage.
Security Policy
Safeguarding Every Transaction
eWallet's security program blends modern infrastructure, rigorous processes, and constant monitoring. This policy summarizes the controls we maintain to protect customers, partners, and the broader ecosystem.
Contact Security
Need more detail or want to report an issue? Reach our security team.
- security@ewallet.app
- 1-877-827-0995
Important Security Disclosure
eWallet operates within a security ecosystem maintained by our certified partners. While eWallet itself does not hold PCI DSS, SOC 2, or ISO 27001 certifications, we partner with certified service providers and align our internal controls with industry standards. Card data is processed by PCI DSS-certified partners, our systems are hosted in SOC 2-certified data centers, and our security controls align with ISO 27001 standards.
Program Principles
These principles guide decision making across engineering, operations, and risk.
Least Privilege Access
Employees and systems receive only the permissions required to perform their jobs, reviewed regularly with automated tooling.
Continuous Monitoring
We instrument logs, metrics, and anomaly detection across our platform and enforce 24/7 response protocols.
Key Controls
Layered controls protect infrastructure, applications, data, and access.
Infrastructure Security
- Cloud-hosted infrastructure with dedicated VPCs and security groups
- Production systems in SOC 2-certified data centers (Vultr)
- Encrypted service-to-service communication with TLS 1.3
Application Security
- Static and dynamic code analysis integrated into our CI/CD pipelines
- Third-party penetration testing conducted regularly
- Secure development lifecycle training for engineers
Data Protection
- AES-256 encryption at rest, TLS 1.3 in transit
- Data classification and retention controls enforced by policy
- Tokenization for sensitive payment data via PCI DSS-certified partners
Identity & Access
- Multi-factor authentication for all workforce accounts
- Role-based access controls with audit logging
- Regular access reviews and credential rotation
Certified Partners
We partner with industry-leading service providers who maintain relevant security certifications.
Stripe
PCI DSS Level 1Card funding & tokenization
Vultr
SOC 2 Type IIHosting infrastructure
Chase Bank
FDIC MemberCustodial banking
Sunrise Banks, N.A.
Member FDICCard issuer
Compliance & Assurance
Our security posture is supported by partner certifications and regulatory oversight.
PCI DSS Ecosystem
Card funding, tokenization, and payment processing occur within PCI DSS-compliant environments provided by our certified partners including Stripe.
SOC 2 Hosting
Our production systems operate in SOC 2-certified data centers provided by Vultr, with enforced encryption and audited access controls.
ISO 27001 Alignment
Our security controls align with ISO 27001 standards, and several of our service providers hold ISO 27001 certifications.
Regulatory Compliance
Compliance with BSA/AML, OFAC sanctions requirements, and applicable state/federal privacy regulations.
Encryption Standards
We employ strong encryption to protect data at rest and in transit.
Data in Transit
TLS 1.3
All data transmitted between your device and our servers is encrypted using TLS 1.3, the latest transport layer security protocol.
Data at Rest
AES-256
Sensitive data stored in our systems is encrypted using AES-256 encryption, the industry standard for data protection.
Card Data
Tokenized
We do not store raw card numbers. Card details are tokenized and stored by our PCI DSS-certified payment partners.
Responsible Disclosure
We value the security community. If you believe you have discovered a vulnerability, let us know at security@ewallet.app. We will work quickly to remediate issues and credit researchers when appropriate.