Beyond payment tokenization: Why developers are choosing Evervault's encryption-first approach
How Evervault’s dual-custody encryption model eliminates the fundamental limitations of traditional tokenization for PCI compliance

Modern software moves at machine speed, but sensitive data still moves like it’s 2005.
Today, we’re announcing a $25 million Series B led by Ribbit Capital, with continued support from Sequoia Capital, Index Ventures, Kleiner Perkins, Next Play Ventures and new investors including Operator Partners. With $46 million raised to date, we’re doubling down on our mission to eliminate plaintext sensitive data across the internet.
When we started Evervault, we didn’t set out to help companies manage compliance. We set out to answer a simpler question: why does sensitive data exist in plaintext at all?
Every regulation, every audit, every security review assumes that plaintext is inevitable – that card numbers, medical records and personal identifiers must pass through application code, logs, databases and third-party services. The industry has largely accepted this as the status quo.
We don’t accept that.
We’re building the infrastructure so companies never have to handle sensitive data again.
Sensitive data is hazardous material. Treating it like a compliance checklist isn’t enough. Bolting defensive processes onto a system after the fact doesn’t make it safer; it just makes it slower.
At Evervault, we design systems so that developers and companies never touch sensitive data in the first place. This round of financing is about building the infrastructure to make secure-by-default the only way to build.

Data and value move faster than compliance can.
Over the past two decades, software has fundamentally changed how value moves across the internet. APIs now connect everything and data flows continuously across services, teams and companies. A single request can cascade across dozens of systems, many outside your control, often involving money, identity or regulated data.
Value moves at machine speed. Compliance does not.
The gap between how fast data travels and how slowly security adapts is the defining security problem of the modern internet.

The industry’s response has been to layer on more compliance: PCI DSS, SOC 2, ISO 27001, HIPAA, GDPR. Each assumes sensitive data will exist in plaintext somewhere in your systems. Each new framework slows engineering teams and expands audit scope without actually reducing the fundamental risk. Companies now spend millions managing compliance overhead, and breaches continue.
Our obsession is developer experience. And our mission has always been to distill what these frameworks attempted to do into a single line of code.
Evervault lets developers encrypt sensitive data at the edge and operate on it end-to-end without ever exposing it. Compliance scope collapses, breach impact shrinks and security becomes architectural, not procedural.
Using encryption to offload PCI DSS burden.
Over the past year, we’ve seen what happens when developers no longer have to take custody of sensitive data.
When card data is encrypted before it ever touches your systems, entire categories of engineering overhead disappear. PCI scope shrinks. Integrations get simpler. Teams move faster because they’re no longer architecting around compliance constraints.

Our customers, including CarTrawler, Overwolf, Ramp, Rippling and Uniswap, are building their own programmable payment orchestration layers, routing across providers, improving authorization rates and shipping new capabilities without expanding their risk surface.
"We chose to add Evervault to our stack because it offers a smooth developer experience, allowing our engineers to ship products to users and debug on their own (without wasting time on support calls). This is crucial for us: Ramp hires strong, self-sufficient engineers, and we want to give them the tools to succeed without roadblocks."
— Eli Block, Principal Engineer, Security Engineering at Ramp
In the process, we’ve reached meaningful milestones as a company:
Under the hood, this technology is powered by deep integrations with over 7,000 banks and financial institutions. But what matters isn’t the number, it’s the outcome: developers can combine 3D Secure, network tokens, issuer signals and fraud enrichment into a single integration, without ever handling card data themselves.
Card payments are one of the most regulated and operationally complex categories of sensitive data on the internet, and we started there intentionally. Simply put, if you can eliminate plaintext in payments, you can eliminate it anywhere.
The internet’s clearinghouse for sensitive data.
Our mission isn’t just about payments. We’re building the trust layer for the internet: a global clearinghouse for sensitive data. A place where companies can share, enrich and route information without taking custody of it. We’re replacing contractual trust with cryptographic guarantees.

To build this trust layer, we need exceptional people who care deeply about architecture, clarity and craft.
If you’re excited about solving hard infrastructure problems and shaping how sensitive data moves across the internet, come build with us.
We are making handling sensitive data a thing of the past and giving developers the freedom to build the products of tomorrow.
We have several job postings in GTM and Engineering, across our offices in Dublin, London, and New York.