UK-incorporated · Privacy-first · Audit-ready

Software for the next financial layer.

We build non-custodial, white-label fintech infrastructure for merchants who need stablecoin-native rails without becoming a payments licence holder. Crypto-pay is our flagship; more is on the way.

Explore products Talk to us

Products

What we build

Each product is shipped as software a merchant can integrate in an afternoon — never as a regulated service we hold on their behalf.

Live · open-source

Crypto-pay

White-label, non-custodial fiat-to-stablecoin top-ups for SaaS merchants. End-users log in with email, top up via an embedded on-ramp, and authorise every transfer themselves via MPC. The merchant receives a signed webhook and credits their own balance.

USDT & USDC Polygon · Base · Arbitrum · Optimism · BSC · Avalanche Web3Auth + Transak

Learn more GitHub

// merchant backend
import { verifyWebhook } from '@cryptopay/sdk';

app.post('/cb', (req, res) => {
  if (!verifyWebhook({
    rawBody: req.rawBody,
    header:  req.headers['x-cryptopay-signature'],
    secret:  env.CRYPTO_PAY_SECRET,
  })) return res.sendStatus(401);

  // credit user balance ↑
});

More products soon

We are building two further products in the same family — stablecoin-native rails for businesses that want to settle outside card networks. Get in touch if you want to be a pilot partner.

Custom infrastructure

Need a non-custodial flow that doesn't fit our shelf products? We take a small number of custom engagements per year. Reach out with the shape of the problem.

How we think

Five principles, applied to every product

These are the design choices that keep us a software vendor rather than a payments licence holder. They also keep our merchants out of the same regulatory perimeter.

The server never holds private keys.

Production code is grep-gated in CI. Any function that could create or sign a transaction on a user's behalf is blocked from merging.

Every fund movement is user-signed.

No automatic sweeps, no batch crons, no session keys. The user clicks a button or nothing happens.

We do not custody fiat or crypto.

Fiat lives at the licensed on-ramp partner. Crypto lives in the user's MPC wallet. Master wallets belong to the merchant, not to us.

Every change is auditable.

Append-only audit log, OFAC SDN screening before broadcast, configurable AML thresholds. Two-party approval for anything that affects fund flow.

Users can always export.

Where we touch user wallets, the user can export their private key at any time. Sovereignty is technical, not promised.

Compliance & security

Built for due diligence

We expect every merchant, on-ramp partner, and bank we deal with to do KYB on us. Here is what they will find.

Legal entity	Metaverse Trading Ltd, registered in the United Kingdom.
Custody posture	None. We do not hold fiat or cryptocurrency on behalf of users or merchants.
Sanctions screening	OFAC SDN list refreshed daily. Pre-broadcast checks on user + destination addresses.
AML monitoring	Per-user 24h / 7d threshold logging. Merchants receive alerts; we do not file SARs.
Data privacy	GDPR / KVKK Article 15 + 17 endpoints in our API. Email + public address only.
Cryptography	AES-256-GCM at rest with KMS envelope, HMAC-SHA256 for webhooks, scrypt for API keys.
Vulnerability reporting	Coordinated disclosure — see SECURITY.md.
Open-source	Crypto-pay's source code, runbooks, and threat model are public on GitHub.

Get in touch

Tell us what you're building.

We reply to every serious enquiry within one working day — merchant integrations, partnerships, security reports, or just general curiosity.

info@metaversetradingltd.co.uk GitHub