Built to be unbreakable.
Money and data sit at the centre of everything we do, so security is not a feature - it is the foundation. 16+ years of operation, zero breaches, escrow-secured funds and encryption at every layer. #NeverBeenHacked.

A record we protect every day.
Not a promise - a measured history of secure operation on real money and real data.
years operating
EU registered, running production payments and marketplaces for over a decade and a half.
breaches, ever
Zero successful breaches across the entire history of the platform. #NeverBeenHacked.
enforced
Two-factor authentication is required, not optional - every account is protected by default.
How we keep you safe.
Layered defences across funds, identity, infrastructure and data - so a single failure is never enough.
Escrow-secured funds
Money is held in escrow and only released on delivery - funds are never exposed to a counterparty who has not earned them.
Encryption everywhere
Data is encrypted at rest and in transit, with secrets stored under a dedicated encryption scheme - not in plain config.
Enforced 2FA
Two-factor authentication is mandatory, with trusted-device handling so security never means friction for legitimate users.
KYC and AML
Identity, sanctions and anti-money-laundering checks on every account keep bad actors out before they transact.
Anti-DDoS and hardening
Rate limiting, DDoS protection and failover infrastructure keep the platform online and resilient under attack.
Signed federation
Every message between nodes is cryptographically signed and verified - the network cooperates without blind trust.
Where security shows up.
The two moments that matter most: protecting your money, and what happens if something goes wrong.
Escrow protects every deal
Funds enter escrow when a deal starts and only release on agreed delivery. Payments run through Stripe under PCI-DSS, so card data never touches our servers - and a dispute keeps the money safe until it is resolved.
How escrow works
Disclosure and incident response
We run a responsible-disclosure and bug-bounty program for security researchers, monitor continuously, and have a defined incident response process. Report a vulnerability and you reach a human who acts on it.
Report a vulnerability
Why you can trust IVO.
Trust here is structural - backed by standards, audits and a proven history, not marketing.
Proven, not promised
16+ years and zero breaches. The security posture is battle-tested in production, not described in a whitepaper.
Aligned to standards
GDPR compliant and ISO 27032 aligned, with DAC7 reporting and PCI-DSS handled via Stripe.
Independent scrutiny
A public responsible-disclosure and bug-bounty program means outside researchers test us continuously.
Defence in depth
Escrow, encryption, enforced 2FA, KYC/AML and signed federation stack so no single layer is a single point of failure.
Security questions, answered.
Is my money safe?
Yes. Funds are held in escrow and only released on delivery, so neither side is exposed. Card payments are processed by Stripe under PCI-DSS - card details never touch our servers.
How is my data protected?
Data is encrypted at rest and in transit, secrets are stored under a dedicated encryption scheme, and access is gated by enforced 2FA. We are GDPR compliant and ISO 27032 aligned.
Have you ever been hacked?
No. In 16+ years of operation there has never been a successful breach. #NeverBeenHacked - and we run a bug-bounty program to keep it that way.
How do I report a security issue?
We run a responsible-disclosure program. Contact us through the security channel and you will reach a human who triages and acts on the report. Good-faith research is welcome.
Security questions? Talk to a human.
Whether you are evaluating IVO for your business or reporting a vulnerability, we will answer directly - no bots, no runaround.