PayWarden Cloud
Coming soon. PayWarden Cloud is currently in private beta.
What is PayWarden Cloud?
PayWarden Cloud is the hosted version of PayWarden — same open-source engine, zero infrastructure to manage.
- You don't run servers. We handle uptime, updates, and scaling.
- You pay monthly. Simple subscription with usage-based overage, no per-transaction fees on the chain.
Current vault architecture
In the self-hosted version, your vault is encrypted with a VAULT_KEY that only exists on your server. We never see it. This is fully non-custodial.
In the cloud version (current beta), your vault is encrypted using server-side envelope encryption:
- A server-side KMS key (AWS KMS in production, or a local master key in development) generates a one-time data key
- The data key encrypts your mnemonic; the encrypted data key is stored alongside the encrypted seed
What this means today:
- Your mnemonic is encrypted at rest and never stored in plaintext
- However, the server holds the encryption capability — it can decrypt your vault without your involvement
- There is no merchant-held second factor in the current implementation
- The current cloud architecture does not satisfy strict non-custodial guarantees
What this does NOT mean:
- It does not mean we access or move your funds — we don't. The server only decrypts the vault for address derivation and, if enabled, fund sweeping.
- It does not mean the encryption is weak — AES-256-GCM with KMS-managed keys is industry-standard envelope encryption.
Non-custodial roadmap
Our goal is to reach a true non-custodial architecture for the cloud version. The planned approach:
- Merchant-held second factor — During onboarding, a merchant-specific secret is combined with the server-side KMS key. Neither party alone can decrypt the vault.
- Client-side key derivation — The merchant secret never leaves the merchant's environment.
- Vault export — If you close your account, you can export your vault and migrate to self-hosted.
This is not yet implemented. Until it is, the non-custodial guarantee applies only to the self-hosted version.
Pricing (planned)
| Plan | Price | Included orders/mo | Overage | Support |
|---|---|---|---|---|
| Starter | $19/mo | 200 | $0.08/order | Community |
| Pro | $59/mo | 2,000 | $0.05/order | Email (48h) |
| Business | $149/mo | 10,000 | $0.03/order | Email (24h) |
| Enterprise | Custom | Custom | Custom | SLA + dedicated |
Join the waitlist
Cloud is currently in private beta. Join the waitlist →
Or follow us on GitHub to be notified: github.com/paywarden/paywarden