AI agents spend real money. Who's watching?
Real money needs explicit policy, clear trust boundaries, and auditable decisions. Reinx uses deterministic controls—never hidden AI judgment—to decide whether a request can execute automatically or needs human review.
Six security layers. Total control
The request crosses explicit boundaries from identity to organization scope, policy, signing, and audit. The agent cannot skip a stage.
Human and machine authentication
Clerk sessions, organization keys, and scoped agent keys establish who is acting.
Organization context and role scope
Every request is resolved to an organization and, where applicable, constrained to project and team scope.
Wallet and workspace gates
KYB, workspace lifecycle, and wallet readiness are checked before financial operations.
Deterministic payment policy
Budgets, per-payment caps, velocity limits, and approval rules run before execution.
Signing and custody boundary
Reinx builds and authorizes payment intent; custody and signing stay inside hardened infrastructure.
Audit trail and pause control
Every tool call and financial decision is recorded. Pausing an agent blocks new payments.
What we store. What we don't
What Reinx stores
What we NEVER store
When virtual cards launch, issuing-provider elements will keep card data out of the Reinx frontend and backend. Dakota, a FinCEN-registered MSB, runs the wallet, on-ramp, off-ramp, and KYC infrastructure. Wallets are non-custodial: Reinx holds the ECDSA P-256 signing keys, and customers can revoke Reinx’s signing authority at any time.
Agents never hold provider credentials
An agent does hold a scoped Reinx bearer credential so it can call MCP tools. It never receives wallet private keys, custody signing material, or provider secrets. Those remain behind the Reinx API and hardened signing boundary.
Bank-grade encryption. Everywhere
In Transit
TLS 1.3 encrypts all data between your device and our servers.
TLS 1.3At Rest
AES-256 encrypts all stored data. Row-level database policies ensure each account only sees its own records.
AES-256API Keys
Stored as an HMAC-SHA-256 hash. Shown once at creation and replaceable anytime.
HMAC-SHA-256Trust is earned. We're building it.
Join the waitlist and be first to deploy agents with real financial guardrails.