Mobleysoft Financial Infrastructure · Est. 2025

loom.cc

Sovereign Open Banking

Direct bank connections without intermediaries, data brokers, or 52-million-dollar settlements. Your financial data is yours. Sovereign by design.

Request Early Access Learn More

// What it is

The financial data layer,
returned to its rightful owners.

The open banking ecosystem has a structural disease: aggregators. Plaid. Yodlee. MX. Every one of them a toll booth between you and your own transaction history. They harvest, normalize, package, and sell your financial identity — sometimes in violation of the agreements that let them access it in the first place.

loom.cc replaces the aggregator layer entirely. We connect directly to bank APIs — OAuth-native, credential-free, no screen scraping, no data warehousing — and route through AuthFor, the Mobleysoft identity and auth layer, so your keys never leave your custody.

// The Problem

$52M+ settlements. Class actions. FTC investigations. Third-party aggregators monetizing financial behavior without meaningful consent. The infrastructure was built for utility and repurposed for surveillance.

// The Architecture

Direct OAuth 2.0 connections to bank-issued APIs. WebAuthn passkey authentication via AuthFor. No credential storage. No behavioral profiling. Your connection tokens live in your device's secure enclave.

// The Model

We charge for access, not for your data. Flat infrastructure fee. No affiliate arrangements with lenders. No lead generation. No undisclosed data-sharing agreements buried in a terms of service.

// The Guarantee

Zero data resale. Ever. Not to credit bureaus. Not to insurers. Not to employers. Not to hedge funds building alternative data products. The data moves from your bank to your application and nowhere else.

The aggregator model extracted an estimated $2.4 billion in revenue from financial data that consumers never consented to sell. loom.cc is the correction.

// Core capabilities

What sovereign banking infrastructure looks like.

Direct Connect

Raw bank API access. We integrate natively with institution-issued OAuth endpoints — no Plaid middleman, no Yodlee relay, no MX normalization layer. Your connection is a direct handshake between your application and your bank. We are the wire, not the warehouse.

No Aggregator

AuthFor Layer 5

Sovereign identity and authentication built on WebAuthn passkeys and the AuthFor protocol stack. No passwords. No shared secrets. Your private key never leaves your device's secure enclave. Layer 5 means application-layer authentication: identity lives at the session, not the server.

WebAuthn · Passkeys · Zero-Trust

Zero Data Brokers

We do not sell your transaction history. We do not share your behavioral patterns. We do not build inferred financial profiles. We do not participate in alternative data markets. Your spending data is a ledger, not a product. This is not a policy that will change in the next financing round.

No Resale · No Profiling

Open Protocol

The financial data layer belongs to the people who generate it. loom.cc publishes its connection specs, its auth flows, and its data schema under an open license. Any developer can build on the protocol. Any bank can certify against it. Sovereign infrastructure cannot be proprietary infrastructure.

Open Spec · Self-Hostable

// Doctrine

"Open banking" was supposed to mean the data belongs to the account holder. Instead it became a licensing regime that let a handful of aggregators sit between every American and their own financial history, extracting rent from both sides while selling behavioral data to anyone with a credit card and an API key.

We are building what open banking was supposed to be: direct, sovereign, and structurally incapable of becoming what it replaced. The loom weaves the thread. The thread belongs to you.
— Mobleysoft Financial Infrastructure, 2025

// AuthFor Layer 5

Identity that doesn't require trust.

AuthFor is the Mobleysoft sovereign identity and authentication protocol. It is not a login widget. It is not a third-party SSO provider you route your users through. It is a protocol layer — Layer 5, the session layer — that places cryptographic identity at the point where your application talks to the bank.

Your keys stay yours. AuthFor generates device-bound passkeys via WebAuthn. The private key lives in your phone's Secure Enclave or your laptop's TPM. It never touches a Mobleysoft server. Authentication is a local signature operation. What we receive is the proof — never the key.

This means there is no AuthFor credential database to breach. There is no password reset flow that can be socially engineered. There is no session token we could sell. The attack surface for credential theft is structurally zero.

// Technical Specification

Auth Standard WebAuthn / FIDO2

Key Storage Device Secure Enclave

Bank Auth OAuth 2.0 / PKCE

Token Scope Read-only by default

Data Retention Zero (session only)

Protocol Layer OSI Layer 5 (Session)

Credential Storage None — device only

Passkey Recovery iCloud / Passkey Sync

Protocol Spec Open — authfor.com

// Operating principles

What we will never do.

01. Sell transaction data. Not to credit bureaus. Not to insurers. Not to employers conducting financial background checks. Not to hedge funds or alternative data aggregators.
02. Store credentials. We never receive your bank password. We never store OAuth refresh tokens in a central database. Every token lives in encrypted local storage on your device.
03. Build behavioral profiles. Your spending patterns are not a product we are building. We do not run inference models over your transaction history. We route data; we do not analyze it.
04. Accept an acquisition that would require changing the above. The sovereignty of this infrastructure is structural, not merely a policy position that a new board could reverse.
05. Route through a third-party CDN for anything that touches auth or financial data. GravNova is the sovereign edge. We own the wire end to end.

// The sovereign finance fabric

One loom. Five threads.

loom.cc is not a standalone product. It is the central routing infrastructure for a sovereign financial fabric built entirely on Mobleysoft infrastructure. Each venture in the cluster is a thread in the same loom — purpose-built, separately deployed, architecturally unified.

loom.cc Open Banking · AuthFor Core weave.cc Financial data weaving · Cross-account aggregation weft.cc Horizontal data threads · Batch & sync layer thread.cc Sovereign payment rails · P2P transfers cashmere.cc Premium layer · Wealth & investment access

  AuthFor Layer 5 (loom.cc)
          |
  +-------+-----------+-----------+
  |       |           |           |
weave.cc  weft.cc   thread.cc   cashmere.cc
Cross-acct  Batch sync  Pay rails  Wealth layer
  |                       |
  +-----------+-----------+
              |
     GravNova sovereign edge
     5.161.253.15 -- no CDN, no CF
      

// Early Access

Request access to loom.cc.

We are rolling out to developers and financial infrastructure teams first. Leave your email and we will reach out when your integration tier opens.

Please enter a valid email address.

✓ You are on the list. We will be in touch.

No spam. No sharing. Sovereign by design.