Cards that spend self-custodial balances.
Card payments authorized against on-chain balances the user still controls — no pooled custodial float behind the program.
Card programs normally make users hand their money to the program, which pools everyone's funds and holds the keys. Here, the spendable balance stays in a contract the user controls; when they tap a card, the authorization checks and locks their funds on-chain in real time. They get the convenience of a card without giving up custody.
Card programs normally pool user funds in a custodial account — the user gives up their keys just to spend with a card.
- 01On-chain authorization: each card auth checks and locks funds in a contract the user controls
- 02Self-custodial balances — keys stay with the user, not the program
- 03Settlement to the network with a full, provable trail
Users spend with a card while keeping their keys; the program never takes custody, and every authorization is provable on-chain.
The architecture, end to end.
Each box is a primitive we wrote and you own — legible all the way down, no black-box vendor in the path. Value flows left to right.
Spendable funds stay in a contract the user controls.
Each card auth checks and locks funds on-chain, in real time.
The authorization flows to the network like any card payment.
Settlement is provable on-chain, with no pooled custodial float.
- On-chain where enforcement matters; in your infrastructure where operation matters.
- Non-custodial by default — keys and funds stay with their owner.
- Audited line by line, then handed over: repository, runbook, and proofs.
The shape of the change.
One figure, measured honestly. The rest of the gains are in the table below.
Legacy vs the system we built.
| The legacy way | With Govart | |
|---|---|---|
| Custody | Pooled, program-held | Self-custodial, user-held |
| Authorization | Off-chain ledger | On-chain, real time |
| Float | Pooled custodial float | None |
| Proof | Trust the issuer | Provable on-chain |
Primitives, not black boxes.
Each layer is code you own and can read — written in-house, audited, and handed over. No rented dependency in the path of your money.
Self-custodial balance
Spendable funds stay in a contract the user controls.
On-chain authorization
Each tap checks and locks the user's funds in real time.
Provable settlement
No pooled custodial float; every authorization is on-chain.
Built as if it’ll be attacked.
In crypto, one mistake is terminal. We threat-model before we build — here’s what could go wrong, and what stops it.
The program pools funds and can lose them.
Self-custodial — funds stay with the user, not the program.
An off-chain ledger drifts from reality.
Authorization happens on-chain, in real time.
You're trusting the issuer's books.
Every authorization is provable on-chain.
Yours at the end. All of it.
The engagement ends — that’s the point. What stays is everything you need to run and extend the system without us.
The repository
Every contract and service, commented and documented — nothing withheld, no black box.
Audit reports
Internal review plus an independent third-party audit, your engineers reading along.
The runbook
How to operate, monitor, upgrade and recover — written for your team, not ours.
Keys & training
Full control transferred, and your engineers walked through it until it's theirs.
“Cards that spend balances the user still holds the keys to.”
Have something like this to build?
Disclaimer
Govart provides software engineering, technical advisory, and infrastructure services only. We advise on technology — not on financial, investment, legal, tax, or accounting matters. Nothing on this site is advice, an offer, a solicitation, or a recommendation.
We are not a bank, broker, custodian, exchange, payment processor, money-services business, or virtual-asset service provider, and we never hold, transmit, or take custody of client or end-user funds.
KYC, AML, sanctions screening, licensing, and regulatory compliance remain the responsibility of the operator that owns and runs each deployed system. We build the controls you specify; we do not act as your compliance function. Figures and examples shown are illustrative only.