Crypto products take five shapes.

Issue wallets, collect on-chain, pay out — without owning a custody stack.

Your platform owns the customer, the UX, and the ledger. zenvault owns the wallets. Outbound payouts queue, hit a policy gate, and emit a webhook back to your callback service when state changes.

• Per-merchant vault accounts with stable deposit addresses.
• Destination allowlist on outbound payouts; one-time addresses gated by your KYT pipeline.
• Webhook every state transition — transfer.completed, transfer.failed, and the ones in between.

Counterparty allowlists, trade-ticket-shaped policy, separation of duties.

Your workflow service approves the trade. zenvault holds the keys. The cosigner policy matches each pending transfer to a customer ref of the form workspace:idempotency-key — so a compromised workflow service can't manufacture a transfer that zenvault doesn't expect.

• Per-counterparty external wallet allowlist, asset-scoped.
• Cosigner policy matches transfers on namespaced customer refs.
• Audit log surfaces who approved what, when, with what reason.

Hot/warm/cold topology with sweep and rebalance driven from your treasury.

Account purpose tags let your treasury logic address vaults by role rather than id. Internal transfers move funds across the topology. External transfers settle to user withdrawal addresses through the same policy gate.

• Account purpose tags drive your sweep and rebalance policy.
• Internal transfers reuse the same state machine and audit.
• Workspace-scoped credentials so a treasury compromise doesn't expose user data.

Multi-product holding with workspace isolation.

Multiple product lines under one organization, each with its own workspace. API keys are workspace-scoped — credentials never cross. Aggregated admin views give your finance team the picture without exposing one product's key to the rest of the org.

• Workspace per product. Environment per workspace (staging or production).
• Aggregated admin views cross workspaces for ops and compliance.
• Workspace audit log is the system of record for who touched what.

Programmable wallets per tenant, swappable underneath, audit-defensible.

Stand up branded crypto-touching features for B2B customers without exposing your internal custody complexity. zenvault is the engine; your platform is the brand. Each B2B customer can have its own workspace, its own allowlist, its own webhook destination.

• Multi-tenant by construction. Workspace is the tenancy boundary.
• Each tenant's allowlist and audit are theirs alone.
• Per-tenant rate limits so a misbehaving tenant can't spill onto neighbours.