TRUST CENTER

Fundsstaynon-custodial.

Your funds remain in your wallet or in transparent on-chain escrow contracts you can independently verify.

Non-custodial coverage

2FA-eligible accounts

Sanctions lists screened

Planned third-party audits

Our security model

Non-custodial by design. MettaPay never takes possession of user funds. All movement is wallet-signed and on-chain.
Programmable escrow. Funds held in escrow are governed by audited smart contract templates with explicit release, refund, and dispute paths.
Defense in depth. TLS in transit, encryption at rest, role-based access, audit logging, two-factor authentication, and least-privilege service accounts.
Compliance. KYC/KYB, sanctions and address screening, transaction monitoring, and SAR-ready record keeping.

Audit status

MettaPay is currently in internal review. A third-party smart contract audit is planned before mainnet escrow volume scales. We will publish the audit report and remediation summary on this page once complete. We do not and will not claim audits we have not received.

Supported wallets

MettaPay connects via WalletConnect v2 and standard EVM wallet providers, including:

MetaMask
Coinbase Wallet
Rainbow
Trust Wallet
Ledger & Trezor (via WalletConnect or MetaMask)

Reporting a vulnerability

Email: security@mettapays.com
Response SLA: initial reply within 5 business days
PGP key: available on request
Machine-readable contact: /.well-known/security.txt
See our Responsible Disclosure policy

Incident response

In the event of a confirmed security incident affecting user funds or data, we will notify affected users within 72 hours of confirmation, publish a public post-mortem, and coordinate with regulators where required.

Acknowledgments

Researchers who responsibly disclose verified findings will be credited here, with permission.

What MettaPay will never do

If anyone claiming to represent MettaPay does any of the following, it is a scam — disconnect, do not sign, and report to security@mettapays.com.

Ask for your seed phrase

Or private keys, or 2FA codes. Ever.

DM you out of the blue

On Telegram, Discord, X, WhatsApp, or email asking you to "verify" your wallet.

Ask you to sign off-domain

Anything outside mettapays.com is not us.

Ask you to send funds to "unlock"

Real escrow never asks for unlock fees.

Offer airdrops or giveaways

We don't run airdrops. Anyone claiming to is a scam.

Run support outside the app

Help only comes through our in-app help center.

Found something? Tell us.

Safe-harbor researchers are welcome. We reply within 5 business days.

Email security@Disclosure policy