WeTravel does not store any financial or sensitive user data on WeTravel servers. User data such as credit card numbers, bank accounts, passwords, or SSNs are immediately and securely transmitted to our payment provider with bank-grade SSL encryption.
WeTravel partners with multiple globally recognized payment processors, including Stripe and Airwallex, to support different currencies and ensure reliable, secure payment handling. Both providers are certified to PCI-DSS Level 1, the highest level of security certification in the payments industry.
Stripe is used by many leading internet companies and has been audited by a PCI-certified auditor. WeTravel is also featured in Stripe’s “Travel & Events” category. Airwallex supports over 100,000 businesses worldwide and similarly meets the most rigorous compliance and security standards of PCI-DSS Level 1.
Your data is YOURS
We do not sell or rent any personal customer data to outside companies. All of our processes are designed with your safety in mind - any access to your data is strictly controlled and monitored.
Monitoring
WeTravel is monitored by both internal and multiple external monitoring services. Our stringent monitoring system will alert the Operations & Security Team through emails and phone calls if there are any errors or flaws in the request pattern.
Uploading the documents to your WeTravel account
The documents uploaded on WeTravel are transferred via an SSL-secured connection to a secure AWS S3 Bucket. As an additional security measure, this server is separate from any other WeTravel user data. When retrieving the documents, only organizers and their team members have the necessary access. Links to retrieve documents are also protected, meaning that even if an organizer were to share the link to a document, it would not be accessible without first logging into that organizer’s WeTravel account.
At WeTravel, we take our customers’ security and privacy very seriously. Only a very small number of engineers and trained operations staff who are necessary to run and support this feature have access to the data.
To support our KYC (Know Your Customer) policy, WeTravel has developed a KYC/KYB process, which all of our customers are required to complete to collect relevant business information to identify risks of money laundering. If required under international laws, we may be required to hold documents as per the verification standards while checking whether our customers are based in FATF high-risk jurisdictions, named on government-sponsored watchlists or international (UN/OFAC) sanctions lists, or if they are active in or from conflict-affected and high-risk areas (CAHRAs).
Right to delete your data
You may access and modify, edit, or delete your contact details at any time by logging into your WeTravel account.
To delete your data, please send your request by filling out the form HERE, and we will be happy to help.
Note: To deactivate your account, please email your request to info@wetravel.com. There's no need to fill out the form.
Responsible Disclosure
We welcome reports of issues or possible vulnerabilities as part of our responsible disclosure program. At this point, we don't run a bug bounty program, but we do provide public acknowledgement of all relevant disclosure work.
For details and to submit a vulnerability, check out our Responsible Disclosure Policy.
Your security is our highest priority.
Note: For security reasons, WeTravel sessions will automatically expire after 72 hours of inactivity. To regain access, please log in again.
Please contact us if you have any other questions. We will be happy to help!