Dotva
ResourcesFAQFrequently Asked Questions
FAQ

Frequently Asked Questions

Common questions about Dotva's financial management system, virtual cards, workspace setup, deposits, and subscriptions.

Frequently Asked Questions

General

What is Dotva?

Dotva is a financial management system built for SMBs, teams, and individuals. It replaces the traditional "pay out-of-pocket, submit for reimbursement" workflow with a structured virtual card issuance model — giving organizations real-time control over employee spending without the friction of expense reports. Virtual cards are the instrument Dotva uses to enforce spending policies; the platform itself handles budgeting, approvals, transaction visibility, and reconciliation.

Who is Dotva for?

Dotva is designed for any organization that needs to control distributed spending:

  • Finance teams eliminating manual expense reimbursement cycles
  • Remote and distributed teams that need payment tools without physical card logistics
  • SaaS companies allocating per-project or per-department budgets
  • Agencies managing client campaign spend
  • Freelancers and individuals who want separate, purpose-limited cards for subscriptions and online purchases

Is Dotva a bank?

No. Dotva is a financial technology platform. Virtual cards are issued through licensed card program providers. Dotva does not hold a banking license and does not provide deposit insurance.

Accounts & Registration

How do I create an account?

Visit https://www.dotva.io/register, enter your email address, and set a password. After verifying your email, you can create your first workspace.

How do workspaces work?

Each account automatically has one primary workspace created at registration. Workspaces are the unit of financial management — they hold the wallet, cards, staff, and subscription. A single account can be a member of multiple workspaces (e.g. as a delegate or staff member for another organization), and you can switch between them from the sidebar.

Is two-factor authentication required?

TOTP-based 2FA is optional for workspace owners and staff but strongly recommended. It is required for platform administrators. Certain sensitive operations — such as viewing card secrets or submitting large withdrawals — trigger a step-up re-verification regardless of whether 2FA is enabled.

Virtual Cards

What card networks does Dotva support?

Dotva currently issues Visa virtual cards, with Mastercard and JCB support in progress. As additional card programs are integrated, new card products will appear in your product catalogue automatically.

How fast are cards issued?

Card issuance is typically completed within a few seconds after the order is accepted. The card transitions from pending_issue to active once the issuer confirms.

What are the card fees?

Fees vary by card product. Before issuing a card, the product picker shows the exact issuance fee and top-up fee for each product. A typical example:

  • Issuance fee: $3.00 (one-time, deducted from the initial top-up)
  • Top-up fee: 3% of the top-up amount

Can I freeze a card?

Freeze support depends on the specific card product. Not all products support freeze / unfreeze. Check the card's capability flags before attempting to freeze — if the Freeze button is visible, the product supports it. Frozen cards will decline all transactions until unfrozen.

What happens to funds when I close a card?

When you close a card, the remaining balance is automatically returned to your workspace wallet within approximately 24–48 hours after the card is settled.

How do I view a card's PAN, CVV, and expiry?

In the card detail page, click Verify & Reveal. You will be prompted to re-enter your password or TOTP code (step-up authentication). After verification, the card number, CVV, and expiry are displayed for a short window. Secrets are shown in-browser only and are never stored in plaintext.

Why did a transaction fail? How do I identify the cause?

There are two scenarios:

  1. A declined bill appears in the transaction list — open the bill to see the decline_reason field. Common reasons include insufficient_funds, card_frozen, avs_mismatch, cvv_mismatch, and risk_blocked.
  2. No declined bill appears at all — this means the transaction was blocked at the merchant's side (e.g. by their fraud prevention or payment gateway) before it ever reached our card network. In this case we receive no notification and cannot provide a specific failure reason. The most common causes are merchant-side CVV checks, AVS strictness, or velocity controls on the merchant's processor.

If you repeatedly experience unexplained failures at a specific merchant, check whether the billing address on the card matches exactly what the merchant expects, and contact the merchant's support for details.

What does a risk_blocked decline mean?

The transaction was declined by Dotva's risk engine — for example, because the merchant is in a restricted category (gambling, adult content, cryptocurrency), or because a risk rule was triggered (consecutive failures, multi-country rapid spending, etc.). See the Risk Control Policy for details.

Wallet & Deposits

What currency is the wallet in?

Wallet balances are denominated in USD.

How do I deposit funds?

Go to Wallet → Deposit. The system generates a dedicated USDT (TRC20) address for your workspace. Send USDT to that address. Once the on-chain transaction is confirmed, your USD balance is credited automatically. USDT conversion to USD is handled by our third-party payment partner — the credited amount reflects the rate applied at the time of settlement.

What is the deposit fee?

$2.00 flat + 1% of the deposit amount. For example, a $1,000 deposit incurs a $12.00 fee and credits $988.00 to your wallet.

How long does a deposit take?

TRC20 deposits typically confirm within 3–5 minutes, depending on network congestion. The credit appears in your wallet as soon as confirmation is received.

What is the minimum deposit?

200 USDT.

Can I withdraw funds?

Yes. Go to Wallet → Withdraw and submit a withdrawal request. Withdrawals are processed in USDT and take 7–15 business days after passing compliance review. Only one pending withdrawal request is allowed per workspace at a time.

Why might a withdrawal be delayed?

Withdrawals may be delayed or held if:

  • The workspace has active risk flags or an outstanding compliance review
  • There are unpaid fee obligations (e.g. negative wallet balance from risk penalties)
  • The requested amount exceeds the available cleared balance

Team & Staff

Do I need a subscription to add staff?

Yes. Adding staff members requires the Staff Seats add-on subscription ($1.99/seat/month; discounts apply for 20+ seats).

What can staff members do?

Staff can:

  • View and use their assigned virtual cards
  • Submit tickets for card top-up and card closure
  • View their own transaction history and card details

Staff cannot manage the workspace wallet, invite other members, or access workspace settings.

Can I grant a team member elevated access?

Yes. You can add a Delegate with owner-level or custom-permission access via RBAC. Delegates can manage most workspace functions depending on the roles granted.

Subscriptions

How are subscription fees charged?

Subscription fees are deducted directly from your workspace wallet on the billing date. No external payment method is required.

What happens if my wallet balance is insufficient at renewal?

The subscription will not renew automatically. The associated features are suspended until you top up the wallet and manually renew the subscription.

Can I cancel a subscription?

Yes. You can cancel at any time from the Subscription page. The subscription remains active until the end of the current billing period and will not renew.

Developer

Is there an API?

Yes. Dotva provides a full REST API covering cards, wallet, orders, and webhooks. See the API Overview for documentation.

Is API access available on all plans?

No. Full API access (token issuance, webhook delivery) requires the Developer subscription ($199/month). Without an active Developer subscription, API token creation and webhook endpoints are disabled.

Does the API use cookies or sessions?

No. The API uses Bearer token authentication exclusively. There are no cookies, CSRF tokens, or server-side session state.

How do I receive real-time events?

Configure a webhook endpoint in Settings → Developer → Webhooks. Dotva will POST signed event payloads to your URL as events occur (e.g. card.issued.secrets after card issuance).

Are webhook payloads signed?

Yes. Every webhook delivery includes an X-Dotva-Signature header (sha256=<HMAC-SHA256 hex>). Always verify this signature before processing the payload to prevent replay and spoofing attacks.

Security

Is my card data safe?

Yes. Card secrets (PAN, CVV, expiry) are stored using Envelope Encryption (KEK + DEK) and are never exposed in logs or standard API responses. Revealing secrets requires step-up re-authentication.

What encryption standards do you use?

  • Data at rest: AES-256
  • Data in transit: TLS 1.3
  • Card secrets: Envelope encryption with periodic key rotation
  • Webhook signatures: HMAC-SHA256

What should I do if I suspect unauthorized access?

  1. Immediately change your password via Account → Security
  2. Revoke all active sessions from the Security page
  3. Disable and re-enable TOTP to rotate your authenticator secret
  4. Contact us at support@dotva.io

Contact & Support

How do I get help?

Email support@dotva.io for general inquiries, billing questions, and technical support.

What are your support hours?

Our support team operates on business days. We aim to respond to all inquiries within 1–2 business days.