Evervault and the Orchestration of Encrypted Data: Funding and Impact
- Marc Griffith
- Mar 5
- 5 min read
Summary Evervault closes a €21M Series B to accelerate encrypted data orchestration: by-design encryption, tokenization, and 3D Secure in a single integration. With 7,000 banking integrations and 100 million tokens processed per month, it reduces PCI time and costs. Key takeaways
|
The orchestration of encrypted data is becoming a cornerstone for those managing sensitive flows in payments, fintech, and data-intensive applications. For founders and CTOs it means rethinking the architecture: data should never exist in cleartext where not strictly necessary. Evervault, a startup with offices in New York and Dublin, announced a Series B funding of €21 million to expand the encryption infrastructure and strengthen product development and engineering teams. The initiative fits into a broader movement toward security built by design, not left to policy alone.
Evervault and the Orchestration of Encrypted Data: The New Standard for Payments
The round is led by Ribbit Capital with participation from Sequoia Capital and Index Ventures, bringing total funds raised to €39 million. The capital will be used to scale the encryption infrastructure, accelerate the product roadmap, and grow the engineering and product teams. The competitive landscape aims to standardize risk data management with cloud-native architectures that isolate and orchestrate sensitive information from the point of collection.
Why encrypted data orchestration matters to founders
As CEO Shane Curran notes, considering that sensitive data exists in clear text somewhere in the pipeline is now a liability. The paradigm is to treat sensitive data as hazardous material, minimizing its exposure and encapsulating it in an encrypted control plan. This approach reduces the attack surface, simplifies compliance, and shortens time-to-market.
Treat sensitive data as hazardous material: design by design to prevent it from existing in clear where not needed, and centralized encryption orchestration.
Product and architecture: encryption data orchestration by design
Evervault offers a developer-first platform to encrypt and orchestrate sensitive data without ever handling it in clear. In payments, a single integration combines encryption, 3D Secure, network tokens, and card data enrichment to reduce complexity and risk. The APIs provide automatic updates, tools for direct card payouts, and a dispute management portal, abstracting the sensitive logic from the client's application perimeter.
The company makes PCI best practices more accessible, integrating neutrally into the existing architecture and reducing impact on development pipelines. With a single integration, teams can orchestrate data collection, processing, and routing without touching the merchant's infrastructure. For PCI standards, a useful resource is the PCI Security Standards Council site: pcisecuritystandards.org.
Adopting a centralized encryption platform reduces the PCI perimeter, lowers recurring costs, and limits exposure in the event of security incidents.
Market footprint and measurable metrics
Over the last twelve months, Evervault reports revenue growth of more than 4x YoY and more than €4.2 billion of processed transactions, generating over 100 million encrypted tokens each month. The network counts over 7,000 integrations with banks and financial institutions, enabling customers to move card data without touching their own systems. Clients include global names such as CarTrawler, Overwolf, Ramp, and Rippling.
In terms of compliance, the company says that customers achieve PCI DSS compliance 95% faster and reduce related costs by an average of €86,000, implementing secure systems in days rather than weeks. For fintech product builders, these time and cost deltas can free resources to focus on growth, UX and differentiation. The operational impact is tangible and shows up as accelerated time-to-value.
Tokenization, 3D Secure and flow routing in a single integration reduce friction for product teams and improve the resilience of the entire payments chain.
The European context of applied cryptography
Evervault's Series B sits within a wave of European investments in encryption, digital trust, and infrastructure security. Among recent rounds: Zama in Paris (€49M, homomorphic encryption for encrypted computation), Evertrust in Paris (€10M, PKI and certificate lifecycle management), and Quantum Industries in Austria (€9.5M, quantum-secure communications). At the early stage level: Mirror Security (Dublin, €2.1M), Soverli (Zurich, €2.2M) and XFA (Antwerp, €1.5M). Overall, between 2025 and 2026, about €74M flows into startups enabling secure computing, digital trust and privacy-preserving computation.
What this means for founders and CTOs
For startups, the question isn't whether to adopt by-design encryption, but where to insert it to maximize risk reduction and competitive advantage. Adopting a centralized orchestration plan enables keeping data encrypted by default, integrating controls such as 3DS and network tokens, and reducing the exposure of the core product. For technical assessments and use cases, Evervault's official site is a good starting point: evervault.com.
Encrypted data orchestration: quick checklist
Define the perimeter of sensitive data (PCI scope, PII, corporate secrets) and map the flows that must be encrypted end-to-end. Centralize encryption, tokenization and multi-factor authentication controls at the point closest to data collection. Plan infrastructure segmentation to isolate components that should not come into contact with clear data, simplifying audits and time-to-compliance.
Debate: benefits and risks of a managed approach to orchestration
The adoption of managed platforms to orchestrate encrypted data offers substantial advantages: reduced PCI scope, standardized controls, shorter time-to-go-live, and intrinsic resilience to data breaches where data never appears in clear. There is a strategic dimension: by moving sensitive logic to a specialized layer, teams can focus on roadmap, UX and differentiation. However, there are trade-offs. The first is the risk of vendor lock-in: deeply integrating orchestration and encryption into the core flow can make future migrations challenging. The second is latency and reliability: for workloads with low tolerance for delays, it's essential to evaluate SLAs, redundancy architecture, and business continuity plans. A third issue concerns jurisdictions and data residency: cross-border flows must align with GDPR and payment network policies. Finally, the trust perimeter shifts: while reducing exposure of your stack, it's crucial to assess the supplier's security guarantees (certifications, independent audits, access controls, tenant isolation). The optimal choice depends on risk profile, the mix of markets served, and the need to focus resources on core capabilities rather than security infrastructure. A prudent approach includes a proof-of-concept, end-to-end observability measures, and well-defined exit plans, to maximize benefits while preserving room to maneuver.
Upcoming moves and impact on the ecosystem
Evervault plans to invest to expand the encryption infrastructure and make its APIs more accessible, with a focus on engineering and product. The combination of customer growth, integration network, and measurable reduction in PCI complexity points to a path toward a de facto standard for secure payments. For operators, this means accelerating geographic expansion and experimenting with new checkout experiences while maintaining strict risk controls.
From funding to practice: how to move now
For teams evaluating encrypted data orchestration, the first step is an assessment of sensitive flows and bottlenecks in compliance and development. Set clear objectives (reduce PCI scope, time-to-market, resilience), select a provider with verifiable guarantees, and start a POC on a high-impact payments flow. From there, iteratively extend orchestration to adjacent use cases, maintaining observability, audit trails, and fallback plans.
