Security Whitepaper

How HitchPay protects
your money and data

A technical overview of the controls, architecture and governance that secure the HitchPay global finance platform.

Version 1.0  ·  2026  ·  HitchPay Technologies, Inc.  ·  Classification: Public

Contents


  1. Executive summary
  2. Security governance & program
  3. Data protection & encryption
  4. Application & product security
  5. Infrastructure & network security
  6. Identity & access management
  7. Safeguarding customer funds
  8. Compliance, certifications & financial crime
  9. Threat detection & incident response
  10. Third-party & vendor risk
  11. Business continuity & resilience
  12. Responsible disclosure

1Executive summary


HitchPay is a global finance platform that gives businesses multi-currency accounts, cross-border payments and corporate cards. Because we move money and hold sensitive data on behalf of our customers, security is engineered into every layer of the platform rather than added as an afterthought.

This document describes the safeguards that protect customer funds and information: encryption of data in transit and at rest, a hardened cloud infrastructure, least-privilege access controls, continuous monitoring, an independently audited control environment, and a mature financial-crime and incident-response program. It is intended for prospective customers, partners and their security teams evaluating HitchPay.

Encryption everywhereIndependent auditsRegulated partners24/7 monitoringLeast privilege

2Security governance & program


Security at HitchPay is owned by a dedicated team that reports to executive leadership, with defined policies reviewed at least annually and approved by management. Our program is built around recognized frameworks and the principle of defense in depth.

3Data protection & encryption


In transit

All traffic to and from HitchPay is encrypted with TLS 1.2+ using strong cipher suites. HSTS is enforced and plaintext connections are refused.

At rest

Data is encrypted at rest using AES-256. Encryption keys are managed in a dedicated key-management service with strict access controls and rotation.

Sensitive data handling

4Application & product security


Security is embedded across the software development lifecycle so that vulnerabilities are found and fixed before they reach production.

5Infrastructure & network security


HitchPay runs on reputable cloud infrastructure providers that maintain their own leading security certifications. Our environment is designed for isolation, resilience and observability.

6Identity & access management


Access to systems and data follows the principle of least privilege and is granted only for as long as it is needed.

7Safeguarding customer funds


HitchPay is a financial technology company, not a bank. Banking services are provided by our partner bank, Lead Bank, Member FDIC. Customer funds are held in dedicated accounts at regulated partner banks, kept separate from HitchPay's operating funds and reconciled daily.

8Compliance, certifications & financial crime


HitchPay maintains an independently assessed control environment and a risk-based financial-crime program.

Assurance

SOC 2 Type II and PCI DSS aligned controls, with regular independent audits and penetration tests.

Financial crime

KYC/KYB onboarding, sanctions and watchlist screening, and ongoing transaction monitoring.

We handle personal data in line with applicable data-protection laws, honor data-subject requests, and limit collection to what is necessary to operate accounts and meet regulatory obligations.

9Threat detection & incident response


We monitor our environment continuously and maintain a documented incident-response plan that is tested periodically.

10Third-party & vendor risk


Partners and vendors that touch customer data or funds are assessed before onboarding and reviewed on an ongoing basis. We prefer providers that hold their own recognized certifications and contractually require appropriate security and privacy commitments.

11Business continuity & resilience


12Responsible disclosure


We welcome reports from the security community. If you believe you have found a vulnerability, please contact [email protected]. We investigate every report, work in good faith with researchers, and do not pursue legal action for good-faith testing that respects our users and data.

HitchPay Technologies, Inc.  ·  30 N Gould St, Sheridan, WY 82801  ·  [email protected]
HitchPay is a financial technology company, not a bank. Banking services are provided by Lead Bank, Member FDIC. This document is provided for informational purposes and does not create any contractual commitment.