Security & Architecture

Non-Custodial by Design
Zyrox does not store private keys.
We do not control or access merchant funds.

Only your public wallet data (xPub) is stored.

Join for freeSee documentation

Data Policy

No private financial credentials are held. We store only following data:

Public wallet identifiers

Zyrox stores only public wallet identifiers such as xPub keys or generated public addresses. These allow payment monitoring and address generation, but do not provide access to private keys or control over funds.

Public wallet identifiers

Zyrox stores only public wallet identifiers such as xPub keys or generated public addresses. These allow payment monitoring and address generation, but do not provide access to private keys or control over funds.

Integration data

We store limited payment metadata including transaction hashes, payment status, timestamps, and invoice references. This information is used to track payment confirmations and deliver webhook notifications to merchants.

Smart contracts

Subscription logic is executed on-chain via smart contracts.

Funds are transferred directly from customer to merchant wallet.

Zyrox non-custodial crypto subscription billing flow

Public wallet identifiers

+ Details
We use public wallet identifiers to generate payment addresses and monitor blockchain activity. These identifiers are safe to store because they cannot authorize transfers, expose seed phrases, or give Zyrox access to customer or merchant funds.
/

Payment metadata

+ Details
Payment metadata is limited to the information needed to reconcile invoices: amounts, currencies, transaction hashes, confirmation status, timestamps, and merchant references. This keeps payment tracking reliable without collecting unnecessary card or banking data.
w

Webhook metadata

+ Details
Webhook and integration metadata is used to notify merchant systems when a payment is detected, confirmed, expired, or requires attention. API keys, webhook secrets, and integration settings should be rotated regularly and are never used to custody funds.

No private financial credentials are held.

+ Details
Zyrox is non-custodial by design. We do not store private keys, seed phrases, exchange credentials, card numbers, or bank login details. Settlement goes directly to merchant-controlled wallets, reducing custodial risk and limiting sensitive data exposure.
Join now

Confirmation policy

Transactions are considered confirmed only after predefined blockchain confirmations.

No instant approval without network confirmation.

    • Encrypted HTTPS (SSL/TLS)

    • Isolated backend architecture

    • Role-based internal access

    • Minimal data storage