Kronos is built for people who actually use their money — self-employed Americans, freelancers, independent earners. That means we take real responsibility for keeping it safe. Here is exactly how, in plain English.
USD ↔ stablecoin via HiFi, a licensed money-transmitter rails partner.
Up to $250,000 cash coverage via licensed partner banks.
AES-256 at rest, TLS 1.3 in transit.
Every money move requires Face ID, Touch ID, or OTP.
Licensed USD ↔ stablecoin on/off-ramp rails partner. Money Transmitter regulated. hifi.com.
Cash balances settle at licensed US partner banks providing FDIC pass-through insurance up to $250,000 per qualified beneficiary.
Bank-account verification + identity confirmation.
Card-payment + card-payout rails (planned).
KronosPay business banking + operations.
KYC, sanctions + PEP screening.
Your USD is held on regulated USD-pegged stablecoin rails via HiFi (hifi.com), our licensed money-movement and stablecoin partner. Cash balances settle at FDIC-insured partner banks, which provide FDIC pass-through insurance up to $250,000 per qualified beneficiary. You can move USD in and out as standard ACH at any time, and every credit and debit reflects on HiFi’s books in real time.
Your crypto wallet is non-custodial. Keys derive on your device from a 12-word recovery phrase that never leaves it — not to our servers, not to HiFi's, not anywhere. We can't move your crypto and we can't recover it for you. That's the point. Back up your phrase from Profile → Secret Phrase the day you sign up, and store it somewhere a fire or a stolen phone can't reach.
The Kronos card is issued through a regulated US card-issuing partner. We're currently evaluating Stripe Issuing, Lithic, Highnote, and Episode Six and will publish the chosen partner here once contracts are signed. Every card authorization routes through the issuer's real-time decisioning before ever reaching your USD balance — the issuer is the network-of-record for fraud monitoring, dispute handling, and Reg E compliance.
AES-256 at rest, TLS 1.3 in transit. Your secret crypto phrase and any private keys are stored only in your device's secure enclave (Keychain on iOS, Keystore on Android) — never in plain text, never on our backend. Sensitive fields like full account numbers are stored encrypted and decrypted only at the moment of use.
Every money-movement action — sends, withdrawals, card payouts, P2P transfers — is gated behind a fresh biometric (Face ID, Touch ID) or one-time passcode prompt before it leaves the app. There are no exceptions. Our fraud system also applies first-send caps to new recipients and new linked banks: a brand-new external account can't be drained in the first 24 hours.
Identity verification is run through Persona at signup, with sanctions and PEP screening on every account on an ongoing basis. Every external bank debit captures a NACHA-compliant authorization snapshot — the date you authorized it, the IP, and the exact disclosure text shown — which we keep on file in case a transfer is ever disputed. You can pull your own authorization records from any transaction's detail page.
In-app support is backed by Freshdesk and lands with a real person. Our internal goal is a first response within 4 hours during business hours and 24 hours on weekends. For anything money-related, the in-app error card opens a ticket with the full context attached automatically — transfer ID, error code, app version, screen — so you never have to dig for it.
If you lose your phone, your account is recoverable via email + a fresh device biometric, plus a secondary verification we step you through during onboarding. Your crypto wallet is the exception — because keys never leave your device, recovery requires the 12-word phrase you backed up at signup. Without it, the crypto in that wallet can't be moved by us, by HiFi, or by anyone else. That's a feature, not a bug — but it means backing up the phrase is mandatory, not optional.
RECOVERY PATH · LIVEWe publish real-time uptime for the parts of Kronos that touch your money: deposits, sends, card auth, P2P, and crypto. Background services (push notifications, marketing email) are tracked separately so a delivery hiccup never gets confused with a money-movement outage.
We're a pre-launch fintech. We don't yet have SOC 2 or a public bug bounty, and we won't pretend we do. Here's exactly where we are:
Email [email protected]. Reports of suspected vulnerabilities or unauthorized account activity trigger a same-day review. We acknowledge every report within 24 hours, fix valid issues on a priority schedule, and credit researchers in our public security log when fixes ship. PGP key available on request.
Last updated 2026-05-04 · © 2026 KronosPay LLC · 390 NE 191st St, STE 63415, Miami, FL 33179