Security & compliance

Institutional-grade security for safeguarding client assets

Fipto's platform meets the highest security standards to help reduce compliance burdens for your business and keep your corporate treasury safe.


Fipto is committed to working closely with regulators where it operates. Fipto currently holds different licences and registrations or regulatory approvals.

Segregated accounts

Client funds in both fiat and cryptocurrencies are always segregated and separated from Fipto's assets, as per law requirements.


Fipto requires mandatory KYC to be undertaken to onboard any new client in order to comply with legal and regulatory obligations including, but not limited to, rules governing anti-money laundering, counter-terrorism financing and sanctions.

This is part of their anti-money laundering and countering the financing of terrorism (AML/CFT) compliance efforts aimed at combating financial crime and ensuring the compliance of our customers' operations.

ISO certified

Fipto is ISO/IEC 27001:2022 certified for information security, cybersecurity and privacy protection.

Fipto ISO 27001
Hosting: All Client Data is hosted in AWS servers located in Europe that adhere to the highest compliance and certification standards, including but not limited to GDPR, HIPAA, and SOC 2. Client data is protected and stays within the EU at all times.
Sensitive data such as passwords and authentication tokens is never logged.
Encryption: All data transmitted between our service and its users is encrypted in transit using industry-standard encryption protocols, TLS v.1.2. Additionally, the data stored within our service is encrypted at rest using AWS Key Management Service (KMS), ensuring the highest level of protection for client data.
Service Continuity: Our service data is continusously backed up on AWS to ensure data durability and to prevent data loss. Our disaster recovery strategy is designed to minimise service downtime and data loss in the event of a critical incident. We leverage AWS' multi-availability zone infrastructure to the fullest extent possible in order to provide redundancy and ensure service continuity.
Vulnerability scans on Fipto's API are executed automatically every week.
Infrastructure configuration scans are executed in real time.
Penetration tests are executed every year.
Multi-factor authentication (MFA): Sensitive actions executed on Fipto's platform such as signing in, adding a new beneficiary or initiating a payout require a unique MFA token in order to protect your account
Customer Identity and Access Management (CIAM): A CIAM is used for user authentication, providing secure and scalable user sign-up, sign-in, and access control.