Plain English. No jargon. The math version is one click away — for compliance counsel, procurement reviewers, or anyone who wants the cryptographic details.
Is my money safe?
Your money never sits with us. It moves directly to your bank or your wallet. We just write the receipts.
For the rails where money does briefly move through a partner (card-on-ramp, the ACH/wire banking partner), that partner is a regulated financial institution with its own license. We're not the institution; we're the rail and the receipt layer.
How a payment receipt actually works.
Five plain-English steps. No technical terms. If you want the cryptographic details, switch to the compliance-counsel view above.
Take a fingerprint of the payment
The moment your customer hits "Pay $50," we compute a unique digital fingerprint of the payment details — who's paying, who's getting paid, how much, when, on which rail. Change one cent and the fingerprint changes completely.
Send the money on the chosen rail
Bank, wire, card, Bitcoin Lightning, or stablecoin. The money moves directly between your customer and you — we're not in the money path. Different rails take different amounts of time, from 3.6 seconds (Lightning) to 48 hours (ACH bank transfer).
Sign the receipt twice
The receipt gets signed twice — once with today's standards (the same math behind U.S. banking) and once with a signature built to survive future quantum computers. A forger would have to break both at the same time.
Lock it into the public record
Every receipt joins the hour's batch, and the batch is added to a public record that can be added to but never edited or deleted. The record is verifiable forever, even if we go out of business.
Anyone can check
Open epochpay.today/verify, paste the receipt, get a green check or a red X — and a plain-English answer like "This payment is real. It happened on Tuesday, May 14, 2026 at 2:17 PM. The amount was $50.00." No account, no API key, no calling us.
Who's behind it.
EpochPay is operated by EpochCore LLC, a Delaware-formed company headquartered in Huntersville, North Carolina. The rail is part of the EpochCore family of products — receipts, payments, document attestation. The shared trust hub is at epochcorellc.com/trust; that's a good place to start if you're evaluating the family as a whole.
Money-transmitter licensing is in progress; ACH and wire rails are in pilot with a banking partner. The card, Bitcoin Lightning, and stablecoin rails are live in all 50 states today.
The 20 technical terms our developer docs use.
If you ever see one of these on another page, hover or tap it for the plain-English version. Margaret-grade glossary, no nested jargon.
Want the math behind that?
Switch to the compliance-counsel view (button at the top, or click here) for the cryptographic details, the WORM chain mechanics, the FinCEN MSB filing state, the SOC 2 roadmap, and the full regulatory posture.
Trust · compliance-counsel view · 2026-05-17
How an EpochPay receipt holds up.
Every payment intent and every receipt carries a post-quantum signature (NISTML-DSA-65 / FIPS 204), routes through the flash_sync edge mesh, and is sealed into a public WORM chain anyone can verify with no API key. This view is for the people doing diligence on the rail — security teams, procurement, compliance counsel.
How a payment receipt actually works.
Six steps from API call to publicly-verifiable receipt:
Issue intent
POST /v1/intents — the merchant signs the intent with their API key; we sign it with our ML-DSA-65 service key. The intent envelope captures payer, payee, amount, currency, rail.
Route through the mesh
Every call traverses the flash_sync edge-capsule mesh; each hop adds a trace header. You can see the trace on any response and on the /swap page's hop-trace pane.
Settle on the chosen rail
Five backends — ACH (~48h), Wire (~4h), QSWT (~6 min), Base L2 (~3 min), Lightning (~3.6s). Same signed receipt format on all five.
Sign the receipt
The receipt carries the same ML-DSA-65 signature scheme over the canonical receipt hash. Public key fingerprint at /v1/pay/pubkey.
Seal in the WORM chain
Every intent + receipt is appended to a SHA-256 / SHA3-512 / BLAKE3 triple-hash chain, write-once-read-many. Chain head is published at /v1/waterseal. Aligned with SEC 17a-4(f) electronic-storage rules.
Anyone can verify
Open /verify, paste the intent and receipt JSON, get a yes/no answer plus the chain link. No API key, no account, no call to us.
The promises we make.
Post-quantum signingEvery intent and every receipt is signed with ML-DSA-65 (NIST FIPS 204). No classical-only signing path in the rail. Public key + fingerprint published at /v1/pay/pubkey.
WORM retentionReceipts are sealed into a triple-hashed (SHA-256 + SHA3-512 + BLAKE3) WORM chain. Retention default 7 years, configurable to 10 years for SEC 17a-4 / FINRA Rule 4370 alignment. Chain head at /v1/waterseal.
Public verifier, no API keyThe /verify page accepts any intent + receipt JSON and returns a yes/no answer plus the chain link. Procurement teams can run their own diligence without contacting us.
D-KaP-sealed visual snapshotsEvery public page on epochpay.today is captured nightly via Cloudflare Browser Rendering and sealed (pixelHash · blake3 · sha3-512 · ed25519). Tampering with a UI claim breaks the seal. See /snapshots.
SOC 2 Type IIIn progress. Evidence collection is live. Type II report target: Q4 2026. Bridge letter available on request via trust@epochpay.today.
FinCEN MSB registrationFiling in progress. Number to be published here once registration completes. Until then, EpochPay operates the developer rail; merchant-of-record obligations remain with the merchant.
State money-transmitter licensingState-by-state matrix tracked at /trust/regulatory. All entries currently show "in progress".
FedRAMP & ISO 27001Boundary scoping in progress; not currently authorized. We do not claim authorized status. See /trust/regulatory for the roadmap.
Run on CloudflareWorkers, D1, R2, KV at 300+ edge cities. Settlement transactions on Base L2 use Coinbase's public Ethereum-style L2; ACH/Wire routes use a regulated banking partner under the merchant's name.
Sub-processors, residency, regulatory posture.
Detail page lists every third party in the receipt path, the data each one sees, the state-by-state money-transmitter matrix (all currently "in progress"), and the FinCEN MSB filing state.
Vulnerability reports go to security@epochpay.today; same-day acknowledgment, 5-business-day triage, coordinated disclosure timelines on request. Researcher-side details (scope, severity guidance, safe-harbor) live in /.well-known/security.txt per RFC 9116. Full policy at /security.
Build receipts.
Every shipped version of the dkap-pay worker is sealed into the same WORM chain as your payment receipts. So the question "what code was running when this payment cleared?" has an answerable, signed answer.
EpochPay is operated by EpochCore LLC, a North Carolina limited-liability company. Cross-product trust hub at epochcorellc.com/trust — covers Sealed (SMB receipts), Proof (PDF watermarking), Quantum AI Platform, and the public verifier.