Compliance and

Security

What security measures does Wello have to protect my transactions?

With a Wello wallet, you have complete ownership and control over the funds in your wallet. As a non-custodial wallet, Wello does not hold your private keys or have access to your funds. Only you control your wallet at all times.


Your wallet is secured by your private key, which only you possess. This ensures that no one—not even Wello—can access or manage your assets on your behalf. This level of user control and security is a defining feature of self-custody wallets.


Wello is also built on a zero-trust security model with multiple layers of protection to help safeguard against threats and unauthorized access, ensuring the integrity of your transactions at every step.

How is Wello regulated?

Wello complies with global remittance and payment regulations including:


  • Anti-money laundering (AML) laws

  • Know Your Customer (KYC) requirements

  • Data protection & privacy politics

  • Sanctions and PEP screening

  • Transaction monitoring to screen and flag suspicious activities for both fiat and crypto transfers

Does Wello store my personal data? / Is my personal information secure with Wello?

  1. What data do you collect and store?


We collect and store only the data necessary to process transactions and comply with regulatory requirements. This may include:


  • Personal information (e.g., name, email address, billing address)

  • Payment details (e.g., card numbers, bank account details) in encrypted formats

  • Transaction data (e.g., amounts, dates, and merchant information)

  • Device and technical data (e.g., IP address, browser type) to enhance security


  1. Where is my data stored?


Your data is securely stored in AWS data centers located in Singapore and Frankfurt. We ensure data storage complies with local and international regulations such as GDPR.


  1. How do you secure my data?


We use industry-standard security measures to protect your data, including:


  • Encryption: All sensitive data is encrypted in transit (TLS 1.2/1.3) and at rest (AES-256)

  • Tokenization: Payment details are replaced with secure tokens, ensuring sensitive data is never exposed

  • Access Controls: Strict access policies restrict data access to authorized personnel only

  • Regular Audits: We perform security assessments and comply with PCI-DSS standards to maintain a secure environment

  • We may share your data with trusted third-party providers to facilitate payments, such as payment processors or fraud prevention services. However, we ensure all third parties adhere to strict data protection standards