Skip to content
Security & trust

Your clients’ money never sits with us.

Saldivo is a Tier-0 orchestration platform. We move payments between regulated rails and bind them to verified identities — we never hold funds, and never store raw card data. Here is exactly how that works.

How the money moves

Funds flow payer → regulated rail → your account. Saldivo orchestrates; it never touches the balance.

Your payer
Verified by Certivus, pays by bank or card
TIER 0
Saldivo
Orchestrates & proves. Holds no funds.
Your account
Settled direct via Stripe Connect & Yapily

Saldivo is not an FCA-authorised payment institution. Regulated payment services are provided by authorised third parties — your funds are held, if at all, only by those regulated institutions, never by Saldivo.

Data & encryption

No raw card numbers ever reach Saldivo — card data is tokenised at the rail. Everything is encrypted in transit (TLS 1.3) and at rest (AES-256).

PCI-DSS handled by the railUK data residency

Identity & AML

Every payer and business is verified by Certivus — AML, KYC and sanctions screening — before money moves. The check is bound to the payment for life.

KYB on every businessStrong customer authentication

Audit & governance

Every action is logged to an immutable, timestamped trail. Role-based access, signed webhooks, and exportable audit certificates for any payment.

Immutable audit logSHA-256 anchored certificates
Compliance posture

Regulated where it counts, by the institutions licensed to do it.

Saldivo deliberately stays Tier-0 so the regulatory perimeter sits with Stripe and Yapily — institutions built to carry it. You get the orchestration and the proof; they carry the funds and the licence.

FCA-authorised rails (Stripe, Yapily)In place
UK GDPR & data residencyIn place
SOC 2 Type IIIn progress
Penetration testing (annual)In place
Operational controls

Security controls mapped to the payment lifecycle.

Before payment

The invoice, payer and business context are captured before a request is sent. Identity verification is attached to the payer so the later settlement can be traced back to the authorised person or company.

During payment

Card details stay with Stripe and bank authorisation stays with the open-banking rail. Saldivo receives tokens and status events rather than raw credentials, card numbers or bank-login data.

After settlement

The provider reference, timestamp, payer identity, method and invoice metadata are stored together. That record supports reconciliation, customer support, dispute handling and management review.

During incidents

Because funds are not held by Saldivo, a platform or provider incident is handled as an availability and status problem, not a client-money safeguarding problem. The status page separates Saldivo systems from third-party rail health.

“We orchestrate the payment. We never hold your money.”

The clearest security guarantee in payments is the one where the platform simply never has your funds to lose.

Open an accountHow identity works