Security
Built to be defensible.
We are designing Load.money to be defensible against the threats that real authority systems face. This page describes our intended posture as we build, and will be kept honest as the product evolves.
Custody-safe by design
We never take custody of customer funds. There is no internal API to move money. Connected accounts are referenced read-only.
Passkey-first authentication
Passkeys are the primary credential. Passwords are not required.
Step-up for sensitive actions
Activating a policy, granting delegation, approving a high-value action, or changing recovery requires a fresh authentication.
Tamper-evident audit
Every sensitive event is recorded in an append-only log chained by hash. Users can verify their own history.
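A minimal sketch of how a hash-chained log can be verified, added here as an illustration and not Load.money's own code. The hash function (SHA-256), the JSON record layout, the genesis value and all field and function names are assumptions, since this page does not specify them.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor value that the first entry links to


def entry_hash(prev_hash, event):
    # Canonical JSON so the same event always serializes to the same bytes.
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


def append(log, event):
    """Append an event, linking it to the hash of the previous entry."""
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"prev": prev, "event": event, "hash": entry_hash(prev, event)})
    return log[-1]["hash"]


def verify(log, expected_head=None):
    """Return (ok, index of the first bad entry or None).
    expected_head is a head hash saved earlier by the verifier."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev"] != prev or entry["hash"] != entry_hash(prev, entry["event"]):
            return False, i
        prev = entry["hash"]
    if expected_head is not None and prev != expected_head:
        return False, len(log)
    return True, None


def build_sample_log():
    # Constructed sample events; actors, actions and fields are hypothetical.
    events = [
        {"actor": "user-1", "action": "delegation.grant", "result": "allowed"},
        {"actor": "delegate-7", "action": "policy.activate", "result": "denied"},
        {"actor": "user-1", "action": "policy.activate", "result": "allowed"},
        {"actor": "user-1", "action": "recovery.change", "result": "allowed"},
    ]
    log = []
    for event in events:
        append(log, event)
    return log
```

Walking the chain alone catches an edited, removed or reordered entry, but not a log that was truncated or rebuilt from scratch with fresh hashes; detecting those requires comparing against a head hash the verifier stored independently.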
Strict delegation
Delegated authority is narrow, expiring, and revocable. Out-of-scope attempts are denied and logged with the same fidelity as successful actions.
Default deny
Authorization is centralized and default-deny. New actions require explicit rules.
Honest recovery
Recovery uses cooldowns, multi-channel notice, and full audit. We do not pretend recovery is impossible — we make it accountable.
Found a vulnerability? Email security@load.money. We will respond promptly.