Frederick & Sons · Insight

Non-custodial by default: when the software never holds your keys

Most software that claims to move money for you ends up holding the keys. That is the default. It is also the failure mode.

In crypto this is not a theoretical risk. It is the pattern that produces every major loss: a hot wallet under someone else’s control, a service that “just needs” signing authority, a black box that promises autonomy while quietly becoming the custodian. Once the software can move funds, the software is the attack surface. Your keys are no longer yours. The provider’s security posture becomes your security posture. Their legal exposure becomes yours. Their incentives drift from yours the moment they hold the assets.

Bring-your-own-custody (BYOC) rejects that model entirely. The software never holds keys. It never signs. It never broadcasts. It never moves funds. You keep custody. You keep the private keys. You keep the final authority. The software’s only job is to surface unsigned instructions. You decide whether to sign them, how to sign them, and when to broadcast them. That is the entire relationship.

This is not a feature toggle. It is the only architecture that stays honest under adversarial conditions.

The problem with “autonomous” custody

Autonomous money movement sounds clean until you look at who actually controls the private keys. Most systems solve the hard part by taking custody. They run the wallets. They hold the seed material or the signing infrastructure. They become the intermediary that can act without you. That convenience is the liability.

When the software holds the keys:

Crypto-savvy operators already know this. You do not hand seed phrases to a SaaS dashboard and call it progress. You do not grant unlimited signing rights to a third party and pretend the risk is managed. Yet that is exactly what most “autonomous” money tools require. They sell the outcome of movement while quietly requiring the surrender of control.

The result is a false choice: either stay fully manual, or give up custody to get automation. That choice is unnecessary. It is also unsafe.

What BYOC actually means

Bring-your-own-custody means the customer supplies and retains every element of custody. Your wallets. Your keys. Your signing environment. Your broadcast path. The software never receives private keys, never stores them, never has access to them, and never acts as a co-signer or multi-sig participant that could move funds without you.

Concretely: we emit unsigned instructions. The customer signs, broadcasts, and custodies. We never hold or move funds.

That sentence is the product boundary. Everything else is decision support. The software can surface what it believes should happen next. It cannot make it happen. You remain the only party that can authorize and execute.

This is not “non-custodial until it is convenient.” It is non-custodial by default and by design. There is no path inside the system that lets us take possession of assets. There is no privileged mode that lets us sign on your behalf. The attestation and disclosure on /trust make this public and checkable. We publish the stance so you do not have to take our word for it.

Why this is the only safe model for autonomous money movement

Any system that can move funds without the owner’s explicit, independent signature is a custodian in practice, regardless of the marketing language. Custody creates a honeypot. It creates a single point of failure. It creates a party whose interests can diverge from the asset owner’s under stress—legal, technical, or commercial.

BYOC removes that party from the fund path. The software can fail, be compromised, or be shut down and the assets remain under the customer’s control. The worst case for the software is that it stops producing useful unsigned instructions. It cannot drain wallets. It cannot freeze balances. It cannot re-route funds. Those powers never leave the customer.

For security-conscious buyers this is the only model that survives scrutiny. You already run your own custody. You already have signing workflows, hardware, multi-sig setups, or institutional processes. You do not need another party to become a co-custodian. You need software that respects the boundary you already enforce.

The outcome is straightforward: you get the decision support required for autonomous-style money movement without surrendering the keys that make the movement yours. The software proposes. You dispose. Control stays local. Liability stays clear. The attack surface stays on your side of the fence, where you already manage it.

Proof, not promises

We do not ask you to trust a black box. We emit unsigned instructions; the customer signs, broadcasts, and custodies. We never hold or move funds. That claim is backed by the public attestation and disclosure on /trust. Read it. Verify it. Hold us to it.

Boundaries. This is software and decision-support only. It is not investment advice, legal advice, tax advice, or financial advice. It is non-custodial. You remain solely responsible for your keys, your signatures, your broadcasts, and your compliance obligations. We do not take possession of assets at any point.

What you actually get

You get a system that can operate at the speed of markets and rules without ever becoming a custodian. You keep the sovereignty that made you choose crypto in the first place. You avoid the regulatory and operational drag of third-party custody. You eliminate the class of failures that only exist when someone else holds the keys.

The software stays on the correct side of the line: it informs, it surfaces, it prepares. It does not execute. Execution remains yours. That separation is the product. Everything else is noise.

If you are evaluating tools that claim autonomy over money, start with the custody question. If the answer is anything other than “we never hold keys and we only emit unsigned instructions that you alone can sign and broadcast,” walk away. The rest of the feature list does not matter once the keys are gone.

Review the public attestation and disclosure for yourself at /trust.

Built on this principle

This isn’t a slogan — it’s how everything we ship is wired. Sentinel, the compliance and settlement layer, verifies rules and relays a client-signed transaction, but never holds a key: you sign, it records. Fifty50 computes and signs a fair, explainable equity split while every party keeps their own keys. The rest of the stack is self-hostable software you run on your own infrastructure. Non-custodial isn’t a mode we offer — it’s the only mode there is.

Verify it yourself → Talk to us →

Not a securities offering. Not investment, legal, tax, or financial advice. We do not custody or transfer funds — you hold your own keys and funds. Software / decision-support only.