Payments, fintech and other regulated businesses pay Evervault to keep sensitive data encrypted from the moment it enters their systems, shrinking compliance scope and reducing the operational risk of handling plaintext. The Irish-founded company has raised EUR 25 million in Series B funding led by Ribbit Capital, with participation from Index Ventures and Sequoia Capital, alongside Kleiner Perkins and Operator Partners.
The round brings Evervault’s total funding to $46 million, according to the company. Evervault said it has delivered more than four times year-over-year revenue growth, processed more than $5 billion in transaction volume, and now generates over 100 million encrypted tokens each month.
A with-trend bet on security as infrastructure
This is a familiar 2026 pattern: investors are leaning into “security primitives” that sit directly in the data path and become hard to remove once embedded. Evervault’s pitch is straightforward: encrypt sensitive data at entry, then make it usable across modern workflows without reintroducing plaintext exposure. In payments, that can reduce PCI compliance scope, a tangible ROI lever for finance and security teams.
Ribbit Capital, a long-time fintech specialist, led the financing. Ribbit partner Justin Saslaw pointed to the rapid expansion of sensitive data as a global challenge, positioning Evervault’s technology as a way to handle that data securely while still enabling product innovation.
The backdrop is hard to ignore. Evervault is explicitly framing its platform around two converging forces:
- Exploding data volumes, with global data growth expected to reach 527 zettabytes by 2029.
- Generative AI and agentic workflows that increase data movement and replication, making it harder to control where sensitive fields travel and how they are used.
Why “encrypt at entry” matters commercially
For mid-market operators, data protection often fails in the handoffs: between app layers, third-party services, and internal analytics. Tokenisation and encryption can be implemented point-by-point, but that tends to sprawl into bespoke integrations and inconsistent policies.
Evervault is trying to standardise the workflow. By encrypting at the edge and generating tokens at scale, the platform can limit who can access sensitive values, where they can be decrypted, and under what conditions. The company’s reported scale (over 100 million encrypted tokens monthly) suggests it is already operating in high-throughput environments.
A second commercial driver is switching cost. Once encryption is embedded into payments flows, customer onboarding, and internal data pipelines, ripping it out is not just a security project. It becomes a product and compliance change programme. That dynamic tends to support retention and expansion, particularly if the platform can add coverage for more data types, more systems, and more geographies.
Where the new capital is going
Evervault said the funding will be used to expand its encryption infrastructure and invest in product development and engineering teams. That is consistent with the category’s requirements: performance, reliability, and developer experience are often the deciding factors once buyers accept the security thesis.
While the company did not detail go-to-market plans in the announcement, the investor mix points to ambition beyond a narrow compliance tool. Security infrastructure vendors typically win by:
- Becoming the default choice in a specific workload (payments is a natural wedge).
- Expanding to adjacent regulated data workflows, especially where data is shared with partners.
- Building integrations that reduce implementation time and lower the burden on engineering teams.
Evervault also highlighted strong growth in card payments, supported by a payments ecosystem with thousands of bank integrations. In that environment, reducing plaintext exposure across vendors and processors is becoming less of a “best practice” and more of a prerequisite for shipping new features safely.
Competitive reality: crowded market, differentiated insertion point
The broader data security market is busy, spanning traditional encryption, tokenisation, key management, privacy tooling and newer “data security posture” platforms. Evervault’s differentiation is less about claiming a new control and more about where it sits in the architecture: at the point of data entry, with a developer-oriented approach to keeping data protected as it moves through applications.
That positioning aligns with what buyers are asking for as AI-driven workflows proliferate: controls that travel with the data and are enforced by default, rather than policy documents and after-the-fact monitoring.
What this enables
- Faster product iteration in payments and regulated workflows without expanding plaintext exposure
- Reduced PCI compliance scope by limiting where sensitive card data is handled
- A security baseline that can extend to AI and agentic workflows as data movement increases
What to watch
- Proof that Evervault can maintain low latency and high availability as volumes scale
- Expansion beyond payments into broader regulated data workflows, without diluting the core use case
- How quickly engineering-led deployments convert into repeatable sales motions and larger enterprise rollouts
- Competitive pressure from incumbents in encryption and tokenisation adding “edge” capabilities