Trust Center

Proof, not promises.
The receipts behind every settlement.

The single source of truth for AsterPay's entity, licensing model, compliance controls, security posture, and the open attestations anyone can verify on-chain.

Operational MiCA-aligned ERC-8004 #16850 Sanctions screening live EU-native
99.9%
Settlement uptime
Rolling 90-day
<10s
Median settlement time
USDC → EUR via SEPA Instant
100%
Counterparties screened
Sanctions & high-risk lists
0
Customer funds held
Non-custodial settlement
● Illustrative — live volume, settlement count and latency to be wired from the x402-api metrics endpoint. AsterPay does not publish fabricated figures.
01 / Identity

Entity & licensing

Who we are, where we are regulated, and exactly how money moves.

Operating entityAELIRA LTDVerified
JurisdictionCyprus (EU) · Reg. HE 490977Verified
Registered address9 Karpenisiou, Strovolos 2021, Nicosia, CYVerified
Regulatory modelSettlement & trust orchestration via licensed EU CASP / EMI partnersPartner-backed
Customer fund custodyNon-custodial — funds never pooled by AsterPayConfirmed
02 / Controls

Compliance & screening

Every payment path is screened, scored, and built to EU expectations.

🛡 Sanctions screening

Every inbound counterparty wallet is screened against sanctions and high-risk lists before settlement. Hits are blocked, not flagged-and-forwarded.

Coverage // OFAC, EU, UN lists

KYA Trust Score

Open 0–100 trust framework scoring agent wallets across seven components: wallet age, activity, sanctions, ERC-8004 identity, operator KYB, history, trust bond.

Schema // /.well-known/kya-schema-v1

MiCA alignment

Settlement runs through licensed European payment partners. AsterPay's controls are built to MiCA and EU AML expectations for agent-initiated flows.

Posture // MiCA-aligned

📝 Merchant onboarding

Business onboarding (KYB) via Sumsub. Completed once at the merchant level — no per-transaction KYC on the agent payment path.

Provider // Sumsub

Travel Rule readiness

Counterparty and originator data captured to support EU Travel Rule obligations on settlement legs handled by our regulated partners.

Status // Partner-handled

🔒 Data protection

EU data residency on the settlement path. Minimal PII retained; agent payment proofs are cryptographic, not identity-bearing.

Framework // GDPR
02 / Accountability

Who controls this agent?

Crypto proves which wallet an agent is. KYA also resolves the human or legal entity behind it — in four verifiable layers, fail-closed.

1 · Wallet self-proofThe agent signs every payment with its own key (EIP-3009 / EIP-191)Cryptographic
2 · On-chain ownerERC-8004 ownerOf resolves the registered owner of the agent identityOn-chain
3 · KYC attestationOptional Coinbase KYC attestation for the wallet, read via EAS — pass/fail only, no PIIEAS attested
4 · Operator bindingWallet bound to a KYB-verified legal operator via a signed challenge (EIP-191, SIWE-inspired — not EIP-4361)Live

🔗 Verify it yourself

The controller resolution for any agent wallet is a public, free read. No login, no PII — just the operator binding, its KYB status and jurisdiction.

Endpoint // GET x402.asterpay.io/v1/agent/binding/{address}

See a live bound example →

● Non-custodial & honest by design — AsterPay stores operator metadata and KYB status only, never raw KYB documents. The binding is an EIP-191 personal_sign proof (EOA and EIP-1271 smart accounts), not an EIP-4361 sign-in. Legal name is shown only when KYB is approved.
03 / Hardening

Security posture

What is deployed today, and what is on the roadmap — stated honestly.

Transport securityTLS 1.3 · HSTS preloadDeployed
Content Security PolicyStrict CSP on asterpay.ioDeployed
Security headersX-Frame-Options, X-Content-Type-Options, Referrer-PolicyDeployed
Vulnerability disclosure/.well-known/security.txtPublished
Error handlingNo stack traces or internals returned to clientsEnforced
Rate limitingPer-IP limits + automated scanner ban on production APIsActive
SOC 2 Type IIControls mapping in progressIn preparation
04 / Rails

Settlement & rails

How an agent payment becomes euros in a merchant bank account.

How a settlement works

An agent pays in USDC, EURC or EURCV on Base, Polygon, Arbitrum, Optimism or Ethereum. AsterPay verifies the x402 / MPP payment proof, screens the counterparty, and our licensed CASP partner converts to EUR and pays the merchant bank account via SEPA Instant — typically in under ten seconds.

Protocols // x402 (Coinbase) · MPP (Stripe/Tempo)

🌐 Rails & assets

EUR via SEPA Instant today. GBP via Faster Payments and USD via ACH on the roadmap. Settlement assets: USDC, EURC, EURCV — with MiCA-native EUR stablecoins (e.g. EURAU) under evaluation as an additional EUR leg.

Chains // Base, Polygon, Arbitrum, Optimism, Ethereum
05 / Verify

Open attestations

Trust you can check yourself. Every claim points to a public, verifiable source.

KYA Trust Score schema v1/.well-known/kya-schema-v1 Security disclosure policy/.well-known/security.txt x402 ecosystem listingx402.org/ecosystem Open-source & librariesgithub.com/AsterPay ERC-8004 identity — Agent #16850Base · on-chain registry API & integration docsasterpay.io/docs
06 / Get in touch

Security, compliance & data requests

Responsible disclosure, KYB/AML questions, GDPR requests — send it here and it reaches the founding team directly.