Your assets and data are protected by multiple layers of defense
The vast majority of customer funds held on Nelvo are stored in air-gapped cold wallets physically secured in geographically distributed vaults. Multi-signature authorization requires at least three of five hardware security modules to sign any withdrawal request, eliminating single points of failure. Hot wallets, used only for operational liquidity, never hold more than 2% of total custodied assets. Our custody infrastructure is independently audited quarterly by a leading Big Four accounting firm.
All data transmitted between your browser and our servers is encrypted using TLS 1.3 with perfect forward secrecy. Application code undergoes continuous static analysis and is reviewed by our internal red team before every production release. We operate a public bug bounty program through HackerOne, rewarding security researchers who responsibly disclose vulnerabilities. Web Application Firewall rules and DDoS mitigation systems protect our infrastructure from external attack vectors.
Nelvo requires two-factor authentication for all accounts and supports TOTP authenticator apps, hardware security keys (FIDO2/WebAuthn), and passkeys. Session tokens are short-lived and automatically invalidated upon detected anomalies such as new device logins or unusual geographic activity. Withdrawal address whitelisting allows you to restrict outbound transfers to a pre-approved list of addresses, adding a critical layer of self-protection. Account activity logs are available in real time so you can immediately identify and respond to any unauthorized access.
Custodied assets are covered by a $250 million insurance policy underwritten by a consortium of Lloyd's of London syndicates, protecting against theft and cybercrime. Nelvo maintains SOC 2 Type II and ISO 27001 certifications, demonstrating our commitment to rigorous information security management. We are registered with relevant financial regulators in all operating jurisdictions and maintain full AML/KYC compliance programs. Annual penetration tests performed by independent security firms validate the effectiveness of our controls.