You keep 100% of every sale. No one can freeze your account. No one sells your payment data. That's what self-hosted means for a merchant.
We could have built ArxMint as a hosted platform — sign up, get an API key, start accepting Bitcoin. Faster to build, easier to explain. We didn't. The reason isn't philosophical. It's that the hosted model would make ArxMint a middleman, and middlemen get regulated into charging you fees, demanding your identity, and controlling your money.
The Hosted Trap
Here's what a hosted Bitcoin payment platform looks like from a regulator's perspective:
- Customer sends Lightning payment to ArxMint's node
- ArxMint holds the sats (even for a millisecond)
- ArxMint settles to the merchant's wallet
That middle step — ArxMint touching the funds — is money transmission. Full stop. FinCEN's 2019 guidance is unambiguous: accepting and transmitting convertible virtual currency makes you a Money Services Business. Registration, AML programs, suspicious activity reporting, the works.
It gets worse at the state level. Up to 49 states require separate money transmitter licenses. The CSBS Money Transmission Modernization Act standardizes some of this, but states diverge on whether virtual currency is even covered. South Dakota requires you to hold like-kind crypto reserves equal to all customer obligations. Florida sweeps Bitcoin kiosks into MSB definitions. The compliance cost for a startup is measured in millions.
The Payment Processor Exemption Doesn't Apply
Stripe and PayPal avoid some of this through the "payment processor exemption." The exemption requires operating through clearance and settlement systems that only admit BSA-regulated financial institutions. Public blockchains are permissionless — they don't qualify. FinCEN has explicitly and repeatedly ruled that crypto payment processors cannot use this exemption.
So if ArxMint hosts checkout and processes payments, we need federal MSB registration, multi-state licensing, EU MiCA CASP authorization, and UK FCA registration. For a startup building open-source software, that's a non-starter.
The Self-Hosted Alternative
BTCPay Server proved the alternative model works. The key insight: if you provide open-source software and the merchant runs it themselves, you're not a money transmitter. You're a software provider.
FinCEN's guidance explicitly states that developers providing "unhosted wallets" — software where the user maintains independent, exclusive control over their private keys — are exempt from BSA obligations. The DOJ's 2025 safe harbor extends this to "software that is truly decentralized and solely automates peer-to-peer transactions" where "a third party does not have custody and control over user assets." EU MiCA Article 2 exempts "hardware or software providers of non-custodial wallets."
This is ArxMint's architecture:
HOSTED (money transmission):
Customer → ArxMint node → Merchant
ArxMint holds custody, even momentarily
SELF-HOSTED (legally protected):
Customer → Merchant's own ArxMint node
ArxMint = open-source software only
The merchant runs their own LND node. Their own Cashu mint. Their own checkout page on their own domain. Invoices are generated by the merchant's own infrastructure. Payments flow peer-to-peer from customer to merchant. ArxMint never touches, holds, or routes funds.
What "Non-Custodial Infrastructure Services" Means
Self-hosted doesn't mean unsupported. ArxMint provides optional infrastructure services — provisioning VPS instances, managing DNS subdomains, pushing signed software updates, storing encrypted backups. These services help merchants run their nodes without being sysadmins.
The critical distinction: ArxMint can create and destroy infrastructure, but cannot move, freeze, or redirect funds. We don't retain SSH keys after bootstrap. Backups are encrypted locally with a key derived from the merchant's seed phrase — we store encrypted blobs we literally cannot decrypt.
This is the FinCEN boundary between a "hosted wallet provider" (MSB) and an "unhosted wallet software provider" (not MSB). The test is "total independent control over value." If ArxMint cannot unilaterally move the merchant's sats, we're on the right side of the line.
API Keys Are Local, Not Remote
In a hosted model, an API key triggers actions on a remote server controlled by the platform. In ArxMint's model, API keys are L402 macaroons scoped to the merchant's own node. They're local authorization tokens, not remote custody triggers.
arx_pub_ tokens can only create invoices on the merchant's node — safe to embed in client-side code. arx_live_ tokens have full node access but never leave the merchant's infrastructure. ArxMint (the company) never sees, generates, or stores these tokens. The merchant's node creates them at setup.
The UK Nuance
The UK's Financial Conduct Authority applies a narrower "technical service provider" exemption. ArxMint must avoid "arranging" transactions — a term that could stretch to cover DNS routing or tunnel management if interpreted aggressively. The upcoming FSMA cryptoasset regime (expected October 2027) will include "arranging deals in cryptoassets," so ArxMint's architecture is designed with this future perimeter in mind.
Providing DNS for merchant nodes is infrastructure, not exchange. Running Cloudflare Tunnels for connectivity raises a "middleman" question, but current AML language is anchored to arranging exchange, not transport. We're watching this closely.
What This Means for Merchants
You run the node. You hold the keys. You keep 100% of every sale. No one can freeze your account, reverse a payment, or sell your transaction data. The trade-off is that you're responsible for your own infrastructure — but ArxMint's provisioning service makes that feel like downloading an app, not administering a server.
The legal architecture isn't a constraint. It's the feature.
Accept payments directly. No fees. No middleman. No permission needed. That's what self-hosted buys you — and no regulator can take it away, because there's no one in the middle to regulate.