Your money sits on a double entry ledger that the database itself keeps honest, behind signed deposits, maker checker withdrawals and segregated custody. Not a promise on a page, but controls you can inspect.
Here is a real withdrawal as the ledger records it. The client wallet is debited, the payout and fee are credited, and the database will not accept the entry unless the two sides match to the cent.
Four controls keep the money truthful: balanced entries enforced in the database, daily reconciliation, signed and idempotent payment webhooks, and a fully reason tagged history.
Double entry, enforced at the database
Every balance change posts as a balanced debit and credit pair. Database triggers reject any entry that does not balance, so a wallet balance is always a provable projection of the ledger, never a number edited by hand.
Σ ledger = wallet balance
Daily reconciliation with drift alerts
A reconciliation job recomputes balances from the ledger and compares them to the stored wallets. If a single cent drifts, it raises an alert rather than papering over the difference.
Reconciled · alert on any drift
Signed, idempotent webhooks
Payment provider callbacks are HMAC-SHA256 signed and verified in constant time, then deduplicated on their reference. A redelivered webhook is recognised and ignored, so a deposit can never be credited twice.
HMAC-SHA256 · idempotent on reference
Reason tagged, with balance snapshots
Each entry records why it was written and the running balance at the moment it posted. The history reads as a complete, ordered account of every movement, not a bare list of numbers.
Reason tag · running balance
Account security
Your login, locked down by default
Strong authentication, full visibility of where you are signed in, and scoped credentials for anything programmatic, so control of the account stays firmly with you.
2FA with backup codes
Time based one time passwords to RFC 6238, with single use backup codes issued at setup so a lost device never locks you out of your own funds.
Sessions and devices
Every active session and known device is listed with its last activity, and any of them can be revoked on the spot. A full login history sits alongside it.
Scoped, hashed API keys
Programmatic keys are scoped to read or trade, stored only as a hash, and revocable at any time. The secret is shown once and never again.
Anti phishing code
A private phrase you choose appears in genuine Auexus emails, so a message that lacks it is a forgery you can spot at a glance.
Withdrawal whitelisting
Funds leave only to addresses you have added to your whitelist, closing the door on a payout being redirected to somewhere you never approved.
Compliance
Oversight that is built in, not bolted on
Tiered identity verification, a worked anti money laundering process, role based access with maker checker on sensitive actions, and an audit log that cannot be quietly edited.
KYC, levels L1 to L3
Identity is verified in tiers through multi document review, with higher limits unlocked as more is confirmed. Verification depth is matched to activity.
AML alerts and resolution
Anti money laundering alerts carry a severity and move through a defined resolution workflow, so nothing flagged is left without an owner or an outcome.
Role based access, maker checker
Five roles across six permission keys govern who can do what, and sensitive actions require maker checker: one person requests, a second approves.
Immutable audit log
Every administrative action is written to an append only audit log, recording who acted, what changed and when, so the record can be reviewed but never quietly rewritten.
Assurance
Your capital, kept at arm's length from ours
The strongest safeguard is structural. Client assets are segregated from company funds and held with regulated custodians, while independent auditors and the ISO 27001 framework hold the controls to an outside standard rather than our word.
Independently audited · ISO 27001 aligned
Segregated client assets
Client funds are held separately from company funds, so your capital is never commingled with the operating balance of the business.
Regulated custodians
Assets are held with regulated custodians, keeping safekeeping in the hands of supervised institutions rather than the platform alone.
Independently audited
The platform is reviewed by independent auditors, so the controls described here are checked by parties with no stake in the answer.
ISO 27001 aligned
Information security is run to the ISO 27001 framework, applying a recognised standard to how data and systems are protected.
Trust is a thing you can audit.
Open an account on a platform where every balance reconciles, every withdrawal is checked, and every administrative action is on the record.