Is this safe to route value through?
The honest answer: we're built so you don't have to take our word for it. Nothing here asks you to hand us your keys or your funds, everything ships with its proof attached, and where we haven't proven something yet, we say so. Here's what's true — and how to check it.
Non-custodial. We hold no keys and move no one's money. BYOC by design.
Adversarially audited before it ships. Security posture →
Checkable proof — mutation-kill scores + signed attestations. See how it's built →
Live health, in the open. Live status →
1 · We never custody your funds
This is structural, not a promise. Our tools produce unsigned instructions; you sign, broadcast, and custody with your own wallet. There is no vault, no omnibus account, no on/off-ramp touching your money. If a product needed us to hold customer funds to work, we'd redesign it or drop it — see the "what we don't do" list.
2 · Audited before it ships — and the proof is attached
Every payment and security-relevant path goes through adversarial review and independent audit passes before it goes live. Where a module has a published provenance card, the claim links to the artifact: mutation-kill scores (does the test suite actually catch broken behavior) and a signed wallet attestation. Read the full gauntlet on how it's built. Modules without a published card are labeled "audited; provenance card in progress" — we don't imply proof we haven't posted. Our cryptographic attestations are machine-callable and independently checkable at /.well-known/attestations.json — signed ed25519, verifiable against the XRPL checkout account's on-ledger key.
3 · We do our own security research
We actively hunt and responsibly disclose vulnerabilities in third-party protocols, and hold our own code to the same bar. To report an issue in ours, see Report a vulnerability or the machine-readable security.txt.
4 · The third parties we rely on
We're honest about our dependencies. The AI assistant sends your messages to a third-party large-language-model provider to generate replies (don't put secrets in chat). The site runs behind a standard CDN/proxy (Cloudflare) that sees request metadata. We use no third-party ad tracking and no advertising analytics. Full detail in the privacy policy.
5 · Downloads you can verify
The Preacher wallet installer publishes its SHA-256 next to the download so you can verify it before running, and we state plainly that it isn't code-signed yet (Windows will warn "unknown publisher"). We'd rather tell you than let you guess. Wallet →
6 · Verify the equity math yourself
Fifty50's equity splits aren't "trust us" numbers. Every finalized split is ed25519-signed, and each contribution's history is a tamper-evident hash chain — so you or your auditor can prove a split is authentic and its history unaltered, offline, without our database.
- Signed splits. Every /attribution response
carries an ed25519 signature over the partnership, model version, and each partner's share. Verify it
against our published key:
0747a15b80a069bfb86f427f86cc987f086560606eda6379da3bf2ce04fd0b1e - Tamper-evident history. Each contribution event is chained to the one before it; any edit, reorder, or deletion breaks the chain.
- Anchored on-ledger. That signing key isn't only posted here — our XRPL checkout wallet (rJRUQ…tPNU) has signed a statement vouching for it, so it inherits a root of trust anchored on the XRP Ledger. If anyone swapped the key, the signature would stop verifying. Machine-check it at /.well-known/attestations.json.
Check it yourself with our standalone verifiers — stdlib + cryptography, no Fifty50 install, nothing phoning home: verify a signed split → · verify an audit trail →. The fuller case for building this way: Verify, don’t trust →
7 · Honest about our stage
Frederick & Sons is early access and pre-revenue. We publish no customer logos, metrics or testimonials we don't have, and we keep an honest "known limitations" list rather than hiding what isn't done. If that costs us a sale, so be it — it's the point.