Security & trust
PayAI is non-custodial. You hold your own money, you approve every payment, and every payment is a real transaction you can verify on-chain. Here is exactly how that works, in plain terms.
You own it
Your wallet, your keys, your funds. PayAI never takes custody and never asks for your seed phrase.
You can verify it
Every payment settles on Monad Mainnet with a transaction hash anyone can look up. Nothing is hidden or simulated.
You approve it
No money moves without your signature. PayAI proposes a transaction; your wallet decides.
Non-custodial by design
You connect your own wallet and approve every payment yourself. PayAI never holds your funds and never has access to your private keys or seed phrase. The one exception is scheduled and recurring payments: because you are not there to sign each run, they settle through a dedicated agent that can only spend within the per-transaction and daily limits you set on-chain. It cannot exceed those limits, and it cannot touch anything you did not schedule.
Built-in safeguards
Your signature is required
Interactive payments are signed by your own wallet. PayAI can build a transaction but cannot send it.
Replay protection
Each payment carries a unique key the contract marks as used, so a retried or duplicated request can never settle twice.
On-chain spend limits
Per-transaction and daily caps are enforced by the smart contract itself, not just in the app.
Checked before you sign
Every payment is validated for the right recipient, amount, and limits before it ever reaches your wallet.
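A simplified Python model of the two contract-side safeguards described above: a used-key check for replay protection, and per-transaction and daily caps. It is an added illustration, not PayAI's contract code; the class and field names and the fixed-day window for the daily cap are assumptions.

```python
# Simplified model; every name here is hypothetical, not taken from PayAI's contracts.
from dataclasses import dataclass, field

DAY = 86_400  # seconds; assumption: the daily cap uses fixed day-long windows

class Rejected(Exception):
    """Raised where a contract would revert."""

@dataclass
class AgentLimits:
    per_tx_cap: int
    daily_cap: int
    used_keys: set = field(default_factory=set)
    window: int = -1      # index of the day the running total belongs to
    spent_today: int = 0

    def settle(self, payment_key: str, amount: int, now: int) -> int:
        """Apply all checks, then record the payment. Returns today's total."""
        if amount <= 0:
            raise Rejected("amount must be positive")
        if payment_key in self.used_keys:
            raise Rejected("payment key already used")
        if amount > self.per_tx_cap:
            raise Rejected("over per-transaction cap")
        day = now // DAY
        spent = self.spent_today if day == self.window else 0
        if spent + amount > self.daily_cap:
            raise Rejected("over daily cap")
        # State changes only after every check passed, so a rejected
        # request leaves the key unused and the totals untouched.
        self.used_keys.add(payment_key)
        self.window, self.spent_today = day, spent + amount
        return self.spent_today

def run_demo():
    """Constructed scenario: caps of 100 per payment and 250 per day."""
    agent, t0, log = AgentLimits(per_tx_cap=100, daily_cap=250), 20_000 * DAY, []
    attempts = [("k1", 100, t0), ("k1", 100, t0 + 5),       # retry of k1
                ("k2", 101, t0 + 10),                       # over per-tx cap
                ("k3", 100, t0 + 20), ("k4", 60, t0 + 30),  # 260 > 250
                ("k4", 50, t0 + 40),                        # k4 still unused
                ("k5", 100, t0 + DAY)]                      # next day
    for key, amount, now in attempts:
        try:
            log.append(("ok", agent.settle(key, amount, now)))
        except Rejected as exc:
            log.append(("rejected", str(exc)))
    return log
```

When reading a real contract for these properties, the points to confirm are the same ones the model makes explicit: the key is recorded in the same call that moves funds, and the caps are compared against stored totals rather than values supplied by the caller.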
What PayAI never does
- ✕ Take custody of your funds
- ✕ Ask for your seed phrase or private keys
- ✕ Move money without your signature
- ✕ Sell or share your data
Verify it yourself
Do not take our word for it. The code and the contracts are public.
Straight about where we are
PayAI runs on Monad Mainnet today and its code is covered by an automated test suite that runs on every change. We are also honest about what is still ahead: a formal third-party security audit and an integration with a dedicated sanctions-screening provider are on the roadmap, and address screening today is rules-based rather than a licensed service. We would rather tell you that than imply otherwise.
Found a security issue?
Report it privately and we will respond quickly.