Security at Fivo
Your funds and data are protected at every layer. Fivo is non-custodial: we never hold your private keys. Wallet infrastructure and custody are provided through Circle.
Non-Custodial
Architecture
AES-256
Encryption at rest
TLS 1.3
Encryption in transit
Permanent
Audit trail retention
Non-Custodial Architecture
Fivo never has access to your funds. Your wallets are managed by Circle Programmable Wallets with institutional-grade security. Private keys are stored in Hardware Security Modules (HSMs), specialized hardware designed to protect cryptographic keys.
Fivo personnel cannot directly access or control merchant funds. Wallet and custody operations are handled through Circle's regulated infrastructure and subject to applicable compliance controls.
- ✓Private keys stored in HSMs (Hardware Security Modules)
- ✓Fivo employees cannot access merchant funds
- ✓Funds go directly from payer to your wallet
- ✓Full control: withdraw anytime without approval
Data Protection
All sensitive data is encrypted both at rest and in transit using industry-standard algorithms.
AES-256 Encryption
All sensitive data stored in our database is encrypted using AES-256, the same standard used by governments and financial institutions worldwide.
TLS 1.3 in Transit
Every connection to Fivo is encrypted with TLS 1.3, ensuring data cannot be intercepted or tampered with during transmission.
Bcrypt Password Hashing
Passwords are hashed with bcrypt using adaptive cost factors. Even if our database were compromised, passwords cannot be reversed.
Token Security
Access tokens expire every 15 minutes. Refresh tokens rotate on every use and are hashed with SHA-256 before storage.
Authentication & Access Control
Multiple layers of protection ensure only you can access your account and authorize transactions.
Two-Factor Authentication (2FA)
Required for all withdrawals. Three methods available: email code, authenticator app (Google Authenticator, Authy), or SMS verification.
New Device Detection
Every login is fingerprinted. When a new device is detected, you receive an immediate email alert with device details and IP address.
Rate Limiting
Aggressive limits protect against brute force attacks: login attempts, password resets, API calls, and withdrawal requests are all rate-limited.
JWT Token Rotation
Access tokens expire every 15 minutes with automatic refresh. Refresh tokens rotate on every use. A stolen token becomes useless after one use.
Audit & Compliance
Every action is logged, every transaction is verifiable, and every regulation is followed.
Immutable Audit Trails
All withdrawal and refund operations are logged in append-only audit tables. Records cannot be modified or deleted. Retention: 5 years.
OFAC & EU Sanctions Screening
All merchants declare compliance with OFAC (US) and EU sanctions regulations. Restricted jurisdictions are blocked at registration.
GDPR Compliance
Full compliance with EU General Data Protection Regulation and Spanish LOPDGDD. Data processing bases documented under Art. 6 GDPR.
On-Chain Verification
Every payment is verified on-chain: amount, sender, recipient, and timestamp. Transaction hashes provide an independent, immutable record.
Infrastructure
Fivo is built on battle-tested infrastructure used by the world's largest financial institutions.
Circle
Programmable Wallets and CCTP (Cross-Chain Transfer Protocol). Circle holds MSB licenses with FinCEN and is MiCA compliant in the EU. SOC 2 Type II audited annually.
Alchemy
Enterprise-grade RPC infrastructure across all 9 supported blockchains. The same provider used by Coinbase, OpenSea, and Aave.
Vercel
Edge-deployed frontend with global CDN, DDoS protection, and automatic HTTPS. Sub-100ms response times worldwide.
PostgreSQL + Prisma
Production database with connection pooling, encrypted connections, and automated backups. Schema managed with Prisma ORM for type safety.
Responsible Disclosure
If you discover a security vulnerability, please report it responsibly. We take all reports seriously and will respond promptly.
Report to: support@fivo.financeStart accepting payments securely
Join Fivo and benefit from institutional-grade security without the complexity.