architecturethree guarantees the platform is built on
Non-custodial
birdfury never holds your keys or your mission funds. During alpha the client pays winners directly, so funds never touch a birdfury wallet at all. At launch, mission escrow will be handled by a managed, non-custodial payment processor — funds pass through it, never birdfury — so the platform cannot move, freeze, or redirect user funds.
Daily TVL cap
birdfury caps the total value newly escrowed each day at $5,000 during V1, refusing new mission funding past that limit. It bounds exposure while the platform is young — enforced by birdfury, application-side.
Manual settlement in alpha
Today there is no escrow contract and no automated payout: the client reviews submissions, pays the winner(s) directly, and can record the payout tx on the public /signals feed. A managed non-custodial escrow processor is being finalized for launch.
audit statuswhere V1 stands today
v1 status
Pre-launch · manual settlement · escrow delegated at launch
birdfury does not build or self-audit a custody contract. Today settlement is manual — the client pays winners directly, so funds never touch birdfury — and at launch mission escrow will be handled by an external, managed non-custodial payment processor (being finalized). birdfury's own code — the fee-split and settlement-orchestration logic — is reviewed before V1 alpha launch. Until then, treat V1 as an early-stage preview.
Escrow processor: managed PSP — being finalized
reporting a vulnerabilityresponsible disclosure
birdfury does not run a paid bug bounty program. V1 is pre-launch alpha software and no user funds are live yet. If you find a security issue we still want to hear about it — responsible disclosure is taken seriously and helps the platform reach mainnet safely.
Report to security@deblockxlabs.com. Please allow a reasonable window for a response before any public disclosure.
what we don't dohard commitments
✕We never custody user funds.
✕We never log private keys or signatures beyond what the immediate transaction requires.
✕We never sell user data.
✕We never run AI agents on behalf of users without explicit consent.
customer data boundarycard payments and KYC are handled by our payment partners
Card processing
Pro membership card payments are handled entirely by Paddle, a Merchant of Record. The planned mission card on-ramp will use a regulated, PCI-DSS-compliant processor. birdfury is never inside the cardholder-data environment.
Customer KYC
Any KYC is handled by the payment processor in the customer's own jurisdiction. birdfury never runs identity verification on a customer.
Never stored
Card numbers, real names, identity documents. birdfury does not collect, store, or transmit customer payment information.
What birdfury holds
Only a wallet address (pseudonymous) and, optionally, an email for membership — nothing more than needed to run the account.
Pro card payments route through Paddle; the planned mission card on-ramp will route through a regulated processor. birdfury touches neither card data nor customer KYC.
disclosed risksread this before locking funds
▲V1 is pre-launch alpha software. Settlement is manual today and the platform has not processed automated settlements yet.
▲At launch, mission escrow will run through a managed third-party payment processor (being finalized). Third-party processor risk is never zero — once live, use only what you can afford to lose.
▲Insurance Wallet coverage is limited to its current balance — it cannot pay out more than it holds.
▲Korea's regulatory environment for crypto is still evolving. We actively monitor it and comply.
We would rather lose a signup than overstate our safety. This list is updated as the platform matures.