
AI agents spend real money. Who's watching?

You're routing real money through AI agents. Every layer of Reinx is built to ensure no financial action happens without your explicit authorization.

PCI DSS Compliant · Bank-grade Encryption · Zero Key Exposure · SOC 2 (in progress) · OCC-chartered Custody

Six security layers. Total control

Every layer is enforced by deterministic code at the payment network and infrastructure level — not by the agent.

01

Network-level limits

Enforced by Visa & Mastercard at the payment network. Agents cannot override.

02

Merchant restrictions

Category codes and merchant allow/deny lists lock agents to approved vendors only.

03

Human-in-the-loop

Approve or deny before the spend happens. Agents learn from denial feedback.

04

Velocity controls

Smart monitoring auto-freezes cards the moment spending patterns look unusual.

05

Dynamic spending controls

Per-transaction limits adjusted in real-time via the card issuing infrastructure.

06

Instant kill switch

Card dead. Wallet frozen. One tap. Takes effect in under 100ms.

What we store. What we don't

What Reinx stores

Agent names and configurations
Budget limits and spending policies
Transaction metadata and history
Restricted access tokens (hashed)
Dashboard preferences

What we NEVER store

Card numbers or CVCs
Wallet private keys
Financial account credentials
Raw API keys (only hashed)
Agent AI context or memory

Stripe handles all card data (PCI DSS Level 1). Privy secures wallet keys using secret-splitting cryptography and secure enclaves. Bridge provides federally licensed custody via an OCC-chartered bank.

Agents never hold credentials. Ever

The agent never holds card numbers, wallet private keys, or API secrets. All sensitive credentials live on the Reinx backend. The agent communicates through a restricted access token — it can request actions, but never sees or stores raw credentials.

Restricted-access tokens — never card numbers or wallet keys
No tools exist for agents to retrieve card details
Tokens stored in secure config, never in AI context

Credential Flow (Isolated)
AI Agent: Sends structured request
Restricted Token: Scoped permissions only
Reinx Backend: Validates policy, holds credentials
Stripe · Privy · Bridge
Raw credentials never leave the backend

Bank-grade encryption. Everywhere

01

In Transit

TLS 1.3 encrypts all data between your device and our servers.

02

At Rest

AES-256 encrypts all stored data. Row-level database policies ensure each account only sees its own records.

03

API Keys

Hashed with SHA-256. Shown once at creation. You can regenerate anytime.

Found a vulnerability? We take security reports seriously. Reach out and we'll respond within 24 hours.

Trust is earned. We're building it.

Join the waitlist and be first to deploy agents with real financial guardrails.
