What we secure, and how honestly.
ArcPay is a control plane, not a custodian. We separate live Somnia Testnet contracts, wallet signatures, and hosted infrastructure responsibilities clearly.
Non-custodial
ArcPay never holds keys. Signing happens in the connected Somnia EVM wallet before contract writes or payment intents proceed.
Viewing keys, not surveillance
Auditors get scoped disclosure records per review scope. Private memo data stays separate from the public commitment trail.
Privacy-intent layer
SomniaPrivacyVault creates STT or SOMUSD commitments, encrypted memo pointers, delayed recipient release, cancel/refund, and nullifier protection. It is not marketed as a full shielded pool.
Action-level audit
Agent registry, order, card, payment, policy, privacy, and oracle actions are recorded with transaction hashes where a Somnia write occurred.
Policy-enforced spend
Hourly, daily, and weekly limits, approval thresholds, allowed tokens, blocked actions, minimum Somnia risk score, contractor allowlist, and emergency pause.
Final-review modal, always
Network, wallet, token, amount, route, recipient, and policy context are reviewed before any money-moving signature.