M
Mintory
Security-first architecture

Built on verification, not custody.

Mintory helps merchants create invoices, route checkout, detect on-chain payments, and reconcile status while keeping settlement in merchant-controlled wallets.

Security posture

Concrete controls and boundaries matter more than inflated certification badges.

Non-custodial by design

Mintory never asks for seed phrases or private keys. Payment addresses are merchant-controlled and customer funds settle directly on-chain.

  • No private-key access
  • Direct customer-to-merchant transfer
  • Merchant-controlled receiving wallets

Application data protection

Mintory protects application traffic and merchant metadata with standard web security controls and provider-level encryption where available.

  • TLS for data in transit
  • Scoped API keys should be rotated regularly
  • Minimal payment metadata storage

On-chain verification

Payment evidence is independently verifiable on-chain. Confirmation thresholds and finality depend on the selected network.

  • Transaction hashes for reconciliation
  • Chain-aware confirmation status
  • Audit-friendly invoice event history

Operational posture

Mintory is built as software infrastructure, not a custodian. Operational maturity should be validated before high-volume production usage.

  • Monitoring-oriented design
  • Webhook delivery observability
  • Responsible disclosure channel

How the payment model works

Mintory coordinates the payment workflow without sitting in the flow of funds.

1

Configure wallet

A merchant adds the receiving address used for checkout options.

2

Customer pays

The buyer sends funds to the configured address on the selected chain.

3

Mintory verifies

Mintory detects the transaction and updates invoices, dashboards, and webhooks.

Compliance boundaries

No hand-wavy badges. The public posture should stay aligned with what the product can prove today.

Mintory is not a bank, exchange, broker-dealer, custodian, or money transmitter.
Mintory does not currently claim SOC 2, ISO 27001, PCI DSS, or paid bug-bounty certification on this public page.
Merchants remain responsible for wallet security, customer support, tax reporting, refunds, and jurisdictional compliance.

Responsible disclosure

If you believe you found a vulnerability, email security@mintory.com with reproduction steps, affected URLs, expected impact, and safe proof-of-concept details. Mintory does not currently advertise a paid bounty program unless separately agreed in writing.

Security without pretending to custody funds.

Validate the flow, then integrate with the same posture: direct settlement, clear status, visible proof.