What we secure, and how honestly.
ArcPay is a control plane, not a custodian. We separate live Arbitrum Sepolia contracts, wallet signatures, and hosted infrastructure responsibilities clearly.
Non-custodial
ArcPay never holds keys. Signing happens in the connected Arbitrum EVM wallet before contract writes or payment intents proceed.
Viewing keys, not surveillance
Auditors get scoped disclosure records per review scope. Private memo data stays separate from the public commitment trail.
Privacy-intent layer
ArbitrumPrivacyVault creates ETH or USDC commitments, encrypted memo pointers, delayed recipient release, cancel/refund, and nullifier protection. It is not marketed as a full shielded pool.
Action-level audit
Agent registry, order, card, payment, policy, privacy, and oracle actions are recorded with transaction hashes where an Arbitrum write occurred.
Policy-enforced spend
Hourly, daily, and weekly limits, approval thresholds, allowed tokens, blocked actions, minimum Arbitrum risk score, contractor allowlist, and emergency pause.
Final-review modal, always
Network, wallet, token, amount, route, recipient, and policy context are reviewed before any money-moving signature.