Trust & security

Security you can audit.

Fintech is Your-Money-Your-Life territory, so we build for it: passkey auth, MPC custody, sanctions screening, and open-source code you can read yourself.

How we protect you

Compliance status

We publish where we actually are — not aspirational badges. Controls marked live run in production today; formal certifications on the roadmap are dated as they progress.

Sanctions screening on every paymentLive
Travel Rule information supportLive
MiCA-aligned design (EURC auto-swap, jurisdiction handling)Live
Passkey (WebAuthn) auth + 2-of-2 MPC custodyLive
GDPR alignment (privacy policy, DPA, subprocessors)Live
Responsible disclosure & safe harborLive
SOC 2 Type IIIn progress
Independent penetration testPlanned
Smart-contract auditPlanned
SSO / SAML for enterprise accountsPlanned

Status as of July 2026. Enterprise customers can request current documentation under NDA via sales.

For enterprise security teams

Per-transaction audit trail

Every payment produces a signed, Arbiscan-verifiable receipt and an immutable on-chain record for audit and reconciliation.

Jurisdiction & KYC controls

Enforce jurisdiction blocks and KYC-tier gating per policy, applied before settlement.

Reconciliation exports

Structured payment and settlement data (CSV / ISO 20022) for finance and ERP reconciliation.

Incident response

Documented response process, a public status page, and disclosure via our responsible-disclosure policy.

Data handling

Documented retention and deletion, a subprocessors list, and DPA available for enterprise contracts.

Open-source auditability

Core SDKs, CLI, MCP server, and x402 facilitator are MIT-licensed, so your team can review the payment path directly.

Policies & disclosures

Frequently asked questions

How does Furlpay keep my funds secure?

Furlpay uses passkey (WebAuthn) authentication and 2-of-2 MPC custody, so signing is phishing-resistant and no single device or party can move funds alone. There is no seed phrase to lose or leak, and account recovery works through your passkey providers.

Is Furlpay open source?

Yes. The SDKs, CLI, MCP server, browser extension, and x402 facilitator are MIT-licensed on GitHub, so the code can be independently audited, forked, and self-hosted.

How do I report a security vulnerability?

Follow the responsible-disclosure policy at /legal/responsible-disclosure. It explains scope, how to submit a report, and what to expect after disclosure.

How does Furlpay handle compliance?

Payments are screened against sanctions lists, Travel Rule information is supported where required, and the platform is designed for MiCA in the EU (including EURC auto-swap). See the compliance and legal sections for specifics by jurisdiction.

Furlpay is not a bank. Crypto assets are not deposit-insured and can lose value. Specific compliance features vary by jurisdiction.