Compliance & Architecture
TRUE is decentralized, non-custodial infrastructure. We never take custody, never move user funds, and operate no exchange or money-transmission service.
What TRUE is
TRUE is decentralized, open, non-custodial infrastructure on Solana. The product surfaces — chat, signals, swaps, agentic execution — sit on top of public on-chain primitives and public oracle data. Every action that moves value is a transaction the user signs from a wallet they control.
What TRUE is not
TRUE is not a money transmitter, not a custodian, not a broker-dealer, not an exchange, and not a trading platform in the regulated sense of those terms. We do not hold user assets, do not pool user assets, do not match orders, and do not act as counterparty to any trade. Funds remain in the user’s self-custodial wallet at every step.
The architecture is intentional, not incidental:
- Self-custody throughout. Assets live in the user’s wallet. TRUE has no admin keys over user funds, no recovery override, no claw-back capability.
- Signing happens on the user’s device. Every transaction — swap, transfer, approval, agentic action — is signed locally by the user’s wallet. TRUE never holds a private key that controls user assets.
- No order book, no matching engine. Swaps route through public on-chain DEXs. TRUE is a router and a UX layer, not a venue.
- No fiat handling. When users on-ramp fiat to crypto, the regulated party is the on-ramp provider (e.g. Banxa). TRUE never touches fiat.
- Open and inspectable. On-chain activity is publicly verifiable. The price oracle stack, the routing logic, and the agentic safety middleware are documented in these docs and behave deterministically against public inputs.
Why this matters for users
Because TRUE never custodies funds, there is no “TRUE balance” that can be frozen, lost, or seized at the protocol level. The wallet is yours, the keys are yours, the assets are yours. If you lose your wallet’s recovery method, TRUE cannot help you recover it — that’s the cost of self-custody, and we are explicit about it everywhere it matters.
Because TRUE does not run an exchange or a trading platform, there is no order book to manipulate, no internal liquidity for the protocol to be on the wrong side of, and no internal margin for a user position to liquidate against the protocol.
Why this matters for partners
If you embed TRUE surfaces into your product, you are embedding non-custodial primitives. Your users keep custody throughout. Your obligations remain whatever they would be for any non-custodial wallet UX you ship — typically informational disclosures, not money-transmission licensing.
You remain responsible for:
- User-facing disclosures in the locales you serve, including the standard “not financial advice” notice on any signal-bearing surface.
- Local registrations that apply to your overall product (e.g. virtual-asset-service-provider registrations in jurisdictions that require them for businesses offering crypto access).
- Geo policy for your own product. The TRUE API exposes geo headers (X-Geo-Restricted, X-Geo-Allowed-Surfaces) that you should honor.
We do not provide legal advice. Consult counsel in the markets you operate in.
Why this matters for developers
The integration model assumes the user holds keys. Every API path that ends in a transaction returns an unsigned transaction or a route plan for the user’s wallet to sign. There is no “trade on behalf of the user” endpoint, even for agentic flows — agentic execution still terminates in a user-signed transaction or a user-pre-authorized session key with explicit caps. See Agentic Trading.
Geo headers are advisory and informational, not gating. The protocol does not enforce a regional policy at the wallet layer — that’s not where enforcement lives in a non-custodial system. If your product needs to restrict access regionally, do it in your application layer using the headers as input.
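```js
// Run in your application layer; the wrapper name applyGeoPolicy is illustrative.
async function applyGeoPolicy(url, token) {
  const r = await fetch(url, { headers: { Authorization: `Bearer ${token}` } });
  if (r.headers.get('X-Geo-Restricted') === 'true') {
    return renderRestrictedNotice();
  }
  // The header is a comma-separated list; trim entries and drop empty ones.
  const allowed = (r.headers.get('X-Geo-Allowed-Surfaces') || '')
    .split(',').map((s) => s.trim()).filter(Boolean);
  if (!allowed.includes('chat')) hideChat();
  if (!allowed.includes('swap')) hideSwap();
}
```
Responsible disclosure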
Security issues go to [email protected]. We acknowledge inside one business day; critical reports get an out-of-band response. Public disclosure follows a 90-day embargo from acknowledgement, extendable for active fixes. Coordinated disclosure with affected partners is the default. PGP fingerprint is published on the security page and rotated annually.
Safety, limits, failure modes
- Self-custody is not optional. If you lose your wallet’s recovery method, your assets are not recoverable through TRUE.
- On-chain transactions are irreversible. A signed and confirmed transaction cannot be undone by TRUE or by anyone else.
- Geo-header data is best-effort and per-request. Do not cache it across users.
- Disclosure embargos can be shortened on active exploitation; we will coordinate with affected partners ahead of public release.
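The geo-header caveat above (best-effort, per-request, never cached across users), as an added example that is not TRUE's own code: a partner-side client that caches under the URL alone hands the first caller's geo policy to every later caller, while the corrected client reads the headers from each response. The function names, the stub fetch, the `false` header value and the URL are assumptions made for the example.

```javascript
// Added example; function names, stub and URL are assumptions, not TRUE's code.
// Turn the geo headers of ONE response into a policy for that ONE request.
function geoPolicyFrom(headers) {
  const restricted = headers.get('X-Geo-Restricted') === 'true';
  const surfaces = (headers.get('X-Geo-Allowed-Surfaces') || '')
    .split(',').map((s) => s.trim()).filter(Boolean);
  return { restricted, surfaces: restricted ? [] : surfaces };
}
const auth = (token) => ({ headers: { Authorization: `Bearer ${token}` } });

// Weak: response and geo policy cached under the URL alone, so the first
// caller's region decides what every later caller sees.
function makeSharedCacheClient(fetchImpl) {
  const cache = new Map();
  return async (url, token) => {
    if (!cache.has(url)) {
      const r = await fetchImpl(url, auth(token));
      cache.set(url, { body: await r.json(), geo: geoPolicyFrom(r.headers) });
    }
    return cache.get(url);
  };
}

// Corrected: geo policy is read from each response and never stored.
function makePerRequestClient(fetchImpl) {
  return async (url, token) => {
    const r = await fetchImpl(url, auth(token));
    return { body: await r.json(), geo: geoPolicyFrom(r.headers) };
  };
}

// Constructed stub in place of the API: the geo answer depends on the caller.
const stubFetch = async (url, init) => {
  const h = init.headers.Authorization === 'Bearer user-restricted'
    ? { 'X-Geo-Restricted': 'true', 'X-Geo-Allowed-Surfaces': '' }
    : { 'X-Geo-Restricted': 'false', 'X-Geo-Allowed-Surfaces': 'chat, swap' };
  return { headers: { get: (k) => (k in h ? h[k] : null) }, json: async () => ({}) };
};

async function demo() {
  const url = 'https://api.example.invalid/surfaces'; // placeholder URL
  const weak = makeSharedCacheClient(stubFetch);
  const fixed = makePerRequestClient(stubFetch);
  await weak(url, 'user-open'); // first caller fills the shared cache
  const stale = (await weak(url, 'user-restricted')).geo;
  const fresh = (await fixed(url, 'user-restricted')).geo;
  return { stale, fresh };
}
demo().then((r) => console.log(r));
```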
See also
- Safety Overview — broader safety model.
- Partner Integration — partner integration patterns.
- Authentication — how auth works under self-custody.