New HitchPay raises $40M Series B to power global business banking · Read more
Security

Security is our foundation, not a feature.

We built HitchPay so that protecting your money and your data is never an afterthought. Encryption, independent audits, regulated banking partners and round-the-clock monitoring are engineered into every layer of the platform.

$3M
FDIC-eligible coverage
256-bit
Encryption everywhere
99.99%
Platform uptime
24/7
Security monitoring
Protecting your money

Your funds, guarded at every layer.

Enhanced FDIC insurance

Eligible balances are protected up to $3M through our FDIC-member partner banks and their sweep network, well beyond the standard $250k per-depositor limit, subject to program terms and conditions.

Advanced authentication

Multi-factor authentication, device binding and biometric approval are required on sign-in and every sensitive action, so only the right people can move money.

Federally regulated bank partners

Deposits are held with FDIC-member partner banks, ring-fenced from HitchPay's own accounts and never lent out or used for our operations.

SOC 2 Type II & PCI DSS

Our controls and card-data handling are independently audited to SOC 2 Type II and PCI DSS Level 1, with reports available to qualifying customers under NDA.

Multi-step payment approvals

Require sign-off from multiple team members before large or unusual payments leave your account, with a full, tamper-evident audit trail of every decision.

Compliance you can bank on.

Every transaction is monitored in real time, screened against global watchlists, and protected with end-to-end encryption in transit and at rest.

SOC 2 Type II PCI DSS ISO 27001 256-bit encryption
Data protection

Built to keep your data private and intact.

The same rigor we apply to your money, we apply to your data, from the first byte to the last audit log.

Encryption at rest & in transit

Data is encrypted with AES-256 at rest and TLS 1.2+ in transit. Keys are managed in hardware security modules and rotated on a fixed schedule.

Least-privilege access

Employee access is granted on a strict need-to-know basis, protected by SSO and hardware keys, and reviewed continuously with every action logged.

Continuous monitoring & pen-testing

Our systems are monitored 24/7 for anomalies and tested by independent security firms through regular penetration tests and a private bug-bounty program.

Financial safeguards

How we protect your money.

Layered controls keep your balances safe, your payments legitimate, and bad actors out.

Funds segregation

Customer funds are held in dedicated accounts at partner banks, kept separate from HitchPay's operating capital and reconciled daily.

Real-time fraud screening

Machine-learning models score every transaction as it happens, flagging and blocking suspicious activity before funds ever leave your account.

Global watchlist screening

Counterparties are screened against OFAC, sanctions and PEP watchlists, backed by KYC and KYB checks that keep your account compliant.

Independently certified & compliant

FAQ

Security questions, answered.

Is my money FDIC insured?

HitchPay is a financial technology company, not a bank. Your funds are held at our FDIC-member partner banks, where eligible balances are covered by FDIC insurance on a pass-through basis, up to applicable limits, and up to $3M through the partner sweep network. Pass-through insurance is subject to the banks' terms and to your account meeting FDIC recordkeeping conditions. FDIC insurance protects against bank failure; it does not cover losses from fraud or unauthorized transactions.

How is my data encrypted?

All data is encrypted in transit using TLS 1.2 or higher and at rest using AES-256. Encryption keys are stored in dedicated hardware security modules, access to them is tightly restricted, and they are rotated on a regular schedule. Sensitive fields such as card data are additionally tokenized within our PCI DSS environment.

What certifications do you hold?

HitchPay maintains SOC 2 Type II, PCI DSS Level 1 and ISO 27001 certifications, and our data practices are aligned with GDPR and CCPA. Our SOC 2 report and other assurance documentation are available to qualifying customers under a mutual non-disclosure agreement, contact our security team to request them.

How do you handle security incidents?

We run a formal incident response program with a 24/7 on-call security team, defined severity levels and rehearsed runbooks. If an incident affects your data or funds, we investigate immediately, contain and remediate the issue, and notify affected customers in line with our contractual and regulatory obligations. You can report a vulnerability at any time through our security contact or bug-bounty program.

Apply in less than 10 minutes today.

Join 12,000+ businesses moving money across borders with HitchPay.

No credit card required · Cancel anytime