Security

How we protect your data.

Encryption, isolated certificate handling, regional data residency, and an honest compliance roadmap. Last updated May 2026.

Encryption

Data in transit is encrypted with TLS 1.2 or higher. Data at rest is encrypted with AES-256. Pass-signing private keys are stored in encrypted, isolated key-management infrastructure.

Apple and Google Wallet certificates

Apple Pass Type ID certificates and Google Wallet service-account credentials are stored in encrypted secret storage with restricted access. Certificate renewal is automated. Customers do not need to manage their own Apple Developer credentials beyond initial account setup.

Authentication and access control

Customer accounts are protected by a password plus optional two-factor authentication. SSO (SAML and OAuth) is available on Scale and Enterprise plans. Role-based access control lets administrators define what teammates can do.

Data residency

Customer data is stored in Australia or the United States by default, depending on customer location. Scale and Enterprise customers can specify residency requirements as part of contracting.

Data deletion

On cancellation, customer data is retained for 30 days then permanently deleted from production systems. Backups containing customer data are retained for 90 days then purged. Customers can request immediate deletion at any time.

Operational security

Production systems run on hardened cloud infrastructure with regular patching, automated vulnerability scanning, and 24/7 monitoring. Production access is limited to authorised engineering staff and is logged.

Incident response

Security incidents are triaged within 24 hours. Customers are notified of any incident affecting their data within 72 hours, in line with applicable data-protection law.

Compliance roadmap

We are formalising SOC 2 Type 2 readiness with a target attestation in Q4 2026, and an ISO 27001 assessment scheduled for 2027. Customers on Scale and Enterprise plans can request our current compliance status and roadmap by emailing security@shakewellwallet.com.

For security questions or to report a vulnerability, email security@shakewellwallet.com. See our responsible disclosure file for the full policy.
