wally.
Contact salesSign in
Home/Security
Security & compliance

Enterprise-grade by default.

Security isn't a tier — it's the foundation. Wally is built to meet the requirements of the most regulated organizations in the world, from day one.

SOC 2 Type II
ISO 27001
GDPR
Wallet pass
Wallet pass
Wallet pass
Encrypted & audited
AES-256 · TLS 1.3 · immutable logs
Uptime SLA
99.99%
▲ multi-region
SOC 2
Type II, audited annually
ISO 27001
certified ISMS
99.99%
uptime SLA
US / EU
data residency
Certifications

Independently verified, continuously.

Wally's controls are audited by third parties and renewed on an ongoing basis — so the evidence behind our claims is always current.

SOC 2 Type II
Audited annually
ISO 27001
Certified ISMS
GDPR
EU data residency
Encryption everywhere
AES-256 at rest, TLS 1.3 in transit, with envelope-encrypted signing keys.
SSO & SCIM
SAML/OIDC single sign-on and automated user provisioning.
Granular RBAC
Scoped API keys and role-based access across teams and environments.
Immutable audit logs
Every issuance, update, and revocation is logged and exportable.
99.99% uptime SLA
Multi-region, redundant infrastructure with public status transparency.
Data residency
Choose US or EU processing regions to meet local requirements.
Trust center

Built for the requirements of regulated teams.

From healthcare to financial services, Wally gives security and compliance teams the controls, evidence, and contractual terms they need to say yes.

Keys

Managed signing

Apple and Google certificates are managed and rotated for you — your team never touches raw signing keys.

Revocation

Instant kill-switch

Invalidate any lost or compromised credential in milliseconds, with full reason codes and audit trail.

Contracts

Custom DPA

GDPR-ready data processing agreements and security addenda for enterprise procurement.

Monitoring

Status transparency

Real-time public status, incident history, and proactive alerting on a multi-region platform.

FAQ

Questions, answered.

Yes. Wally is SOC 2 Type II audited annually and holds an ISO 27001-certified information security management system. Reports are available to customers under NDA.

Enterprise customers can choose US or EU processing regions. Credential data is stored and processed within your selected region to meet GDPR and local regulatory requirements.

Apple and Google pass-signing keys are envelope-encrypted and managed by Wally, so your team never handles raw certificates. Keys are rotated automatically.

Wally supports SAML/OIDC single sign-on, SCIM provisioning, granular role-based access control, and scoped API keys per environment — all backed by immutable audit logs.

Ready to review our security posture?

Request our SOC 2 report and security documentation, or talk to our team about your compliance requirements.