WeTravel does not store any financial or sensitive user data on WeTravel servers. User data such as credit card numbers, bank accounts, passwords or SSNs are immediately and securely transmitted to our payment provider with bank-grade SSL encryption.
Our payment provider in the US and Europe is Stripe, one of the world’s largest payment providers, used by many large internet companies such as Facebook and Twitter. Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. You can see that WeTravel is also a featured customer of Stripe in its "Travel & Events" category.
Our payment provider in Canada, Australia, and South Africa is Mangopay, which is owned by Crédit Mutuel Arkéa, one of the largest banks in Europe.
Your data is YOURS
We do not sell or rent any personal customer data to outside companies. All of our processes are designed with your safety in mind - any access to your data is strictly controlled and monitored.
We use both internal and multiple external monitoring services to monitor WeTravel. Our stringent monitoring system will alert the Operations & Security Team through emails and phone calls if there are any errors or flaws in the request pattern.
Uploading the documents on your WeTravel account
The documents uploaded on WeTravel are transferred via an SSL-secured connection to a secure AWS S3 Bucket. As an additional security measure, this server is separate from any other WeTravel user data. When retrieving the documents, only organizers and their team members have the necessary access. Links to retrieve documents are also protected, meaning that even if an organizer were to share the link to a document, it would not be accessible without first logging into that organizer’s WeTravel account.
At WeTravel, we take our customers’ security and privacy very seriously. Only a very small number of engineers and trained operations staff necessary to run and support this feature have access to the data.
To support our KYC (Know Your Customer) policy, WeTravel has developed a KYC/KYB process which is required to be completed by all of our customers to collect relevant business information to identify risks of money laundering. If required under international laws, we may be required to hold documents as per the verification standards while checking whether our customers are based in FATF high-risk jurisdictions, named on government-sponsored watchlists or international (UN/OFAC) sanctions lists, or if they are active in or from conflict-affected and high-risk areas (CAHRAs).
Right to delete your data
You may at any time access and modify, edit or delete your contact details by logging into your WeTravel account.
To deactivate your account, please send your request by filling out the form HERE, and we will be happy to help.
We welcome reports of issues or possible vulnerabilities as part of our responsible disclosure program. At this point, we don't run a bug bounty program, but we do provide public acknowledgement of all relevant disclosure work.
For details and to submit a vulnerability check out our Responsible Disclosure Policy.
Your security is our highest priority.