Dashboard

Core concepts

Learn what Evervault does, how it fits into your architecture, and how to start building. This page connects the dots between our platform, your use case, and a secure integration path.

Understand Evervault from the ground up

Evervault is a developer-first platform for orchestrating secure data flows. You can collect, store, process, and forward sensitive information without increasing your compliance scope. It's designed to fit into your existing stack with minimal effort, so you can focus on building your own data orchestration. At its core, Evervault encrypts sensitive data into ciphertext which can be safely stored in your infrastructure and decrypted at runtime.

You store encrypted data

Evervault doesn't use a traditional token vault model. Instead, we use a dual custody encryption model that's faster and more secure. With this architecture, you store encrypted data and we manage the keys.

There's no need for developers to handle encryption keys directly, and data is never stored in Evervault's infrastructure. Instead, sensitive information is collected through our products and instantly returned in an encrypted format, ready to store or pass to downstream systems.

The dual custody model has two key advantages compared to traditional token vaults:

  • It's faster

    There's no need for database lookups on our side, which means lower latency and better throughput.

  • It's more secure

    Even if one side is compromised, the data is still safe. An attacker would need to breach both your infrastructure and Evervault to access decrypted values.

It's tokenization, reimagined for performance, privacy, and stronger architectural boundaries. You can use Card Collection to encrypt card holder data or use our SDKs to encrypt any other data.

Processing and forwarding data

After your data is encrypted and stored in your infrastructure, the next step is securely processing and sharing it. This is what Evervault's core products are designed for: enabling encrypted data to move, transform, and integrate without compromising security or compliance. These tools open up a wide range of use cases, including:

  • Sending decrypted data to third-party services.
  • Encrypting incoming data from a third party before storage.
  • Fetching and decrypting sensitive data from your own backend, in transit.
  • Relay

    Relay is a configurable network proxy that encrypts or decrypts data in transit—between your app and your own APIs, or any third-party APIs.

  • Functions

    Functions are secure, serverless code environments that decrypt encrypted data at runtime, allowing you to process it without exposing it in your infrastructure.

Evervault for payments

Evervault gives you flexible tools for collecting card data and using it for self-orchestration, without compromising security or compliance. You can capture and manage your own credit card data, design smart routing logic, run multi-PSP setups, build anti-fraud workflows, etc.

  • Run operations on encrypted card data using our payments products, like performing network tokenization, running 3D Secure authentications, or sending and receiving data to and from PSPs—all without ever decrypting it yourself.

  • Enable point-to-point encrypted transport to third parties (like payment processors or fraud tools) using Evervault Relay, maintaining full PCI compliance while keeping data completely shielded from your app and infrastructure.

  • Stay out of scope for PCI: our Level 1 Service Provider status and architecture let you handle card data workflows without bringing your systems into PCI scope.

Whether you're building a checkout flow, tokenizing cards, or routing data to partners, Evervault makes it secure and compliant, while maintaining high performance and a quality developer experience.

Cards

Products for building modern, secure, and compliant payment flows.

  • Card CollectionSafely collect and encrypt card data with our card collection product.
  • 3D SecureReduce fraud & improve conversions by adding 3D Secure to your payment flows.
  • Network TokensModernize your payment flows by using network tokens instead of card numbers.
  • Card Account UpdaterAutomatically update card details without the need for user interaction.
  • BIN LookupRetrieve metadata for card numbers and BIN ranges.
  • Card RevealSafely display encrypted card numbers in plaintext to your customers.
  • Apple PayAdd mobile payments to your payment flows with Apple Pay.
  • Google PayAdd mobile payments to your payment flows with Google Pay.

Teams, apps, and sandboxes

Evervault accounts are organized around teams, which act as the top-level container for everything you build. Within a team, you can create and manage multiple apps, each with its own configuration, keys, and data flows. Apps can be designated as either Production or Sandbox environments, depending on their purpose.

Sandboxes are purpose-built for testing, simulation, and pre-production validation. They provide isolated environments that mirror production behavior, but without risking real data. Every sandbox app includes access to all Platform features, including advanced tooling like simulated card updates, webhook event triggers, and custom policy testing. This lets you build and iterate confidently, ensuring that production data stays untouched while you fine-tune your integrations.

Production data

Sandbox environments simulate all values and behaviors. If you require production-level data, such as card scheme responses, ACS server responses, or live webhook payloads, you'll need to contact support to access a production proof-of-concept (POC) environment for live testing.

Contact Support

Start building your integration

You can integrate with Evervault using our client SDKs, server SDKs, REST API or CLI. With developer-friendly tooling and a fast integration path, engineering teams can go from idea to implementation in hours, not weeks.

Client-Side SDKs

  • CLIThe Evervault CLI allows you to configure your Evervault integration from the terminal.
  • JavaScriptEncrypt data and collect sensitive data in the browser
  • ReactIntegrate Evervault with your React applications
  • iOSIntegrate Evervault with your iOS applications
  • AndroidIntegrate Evervault with your Android applications
  • React NativeIntegrate Evervault with your React Native applications

Server-Side SDKs

  • NodeIntegrate Evervault with your Node.js applications
  • PythonIntegrate Evervault with your Python applications
  • RubyIntegrate Evervault with your Ruby applications
  • JavaIntegrate Evervault with your Java applications
  • PHPIntegrate Evervault with your PHP applications
  • GoIntegrate Evervault with your Go applications

Before going live

There's a checklist on our website for going live but there are a few things worth noting here. Sandbox and Production apps don't share data, API objects, or encryption access. This means:

  • Data collected or created with a Sandbox app can't be used by a Production app
  • Any data or API objects you need for a Production app need to be created using that app's UUID and key
  • Data that gets encrypted in a Sandbox app can't be decrypted with a Production app

All of that works in the opposite direction as well (e.g., data encrypted by a Production app can't be decrypted with a Sandbox app). If there are feature flags enabled for you during your integration process, contact support to ensure they're enabled for production as well.