Skip to content
SpendTheBits

Security model

Non-custodial isn’t a feature. It’s the architecture.

SpendTheBits is built so that we cannot move your money — even if we wanted to, even if our servers were compromised. Here’s exactly how.

Prepare → sign → relay

Every transaction in the app follows the same three steps. Only one of them touches a secret — and it happens on your phone.

1Server

Prepare

The backend assembles unsigned context — nonce, gas, chain ID, calldata. Public data only; no secrets.

2Your device

Signsecret never leaves

Your phone derives the key from the on-device seed and signs, in a crypto layer forbidden from touching the network or storage.

3Server

Relay

The signed bytes are broadcast through a firewall that re-screens the recipient and enforces your limits.

Four guarantees that always hold

Keys never leave your device

Your seed phrase and passphrase are generated on-device and stored only in the OS keychain (Face ID / biometric gated, device-only, never cloud-backed). The backend stores public data — addresses and extended public keys — never a secret.

Prepare → sign → relay

Our servers only prepare unsigned transaction context and relay what your device signs. Signing happens on your phone, in an isolated crypto layer that is physically forbidden from touching the network or storage.

Allowances, not custody

Recurring payments and streams run on a revocable on-chain allowance you sign once — not an escrow. You can revoke at any time. Automated actions are scoped to withdraw-to-you-only and capped by time and amount.

Defense in depth

Recipient risk-screening, an anti-swap broadcast firewall, bank-grade spending guardrails, a one-tap freeze, clear-signing, an address-poisoning guard, and quarantine of unverified scam tokens mean you always see and control exactly what you approve — and only genuine funds ever count as yours.

Feature by feature

Seed & keys
Generated on-device, stored only in the OS keychain (biometric-gated, device-only, never cloud-backed).
What the server stores
Public data only — addresses and extended public keys. Never a seed, private key, or signed transaction hex.
Autopay & streams
A revocable EIP-2612 allowance you sign once. An allowance, not an escrow — revoke any time.
Earn automation
Scoped on-chain to withdraw-to-you-only, capped by amount and time. A server compromise could only return funds to you.
AI Copilot
Prepare-only. It can draft an action and explain it, but every transaction is signed on your device.
Recovery
Guardian-based Shamir shares, M-of-N threshold, owner-cancellable. The server stores only ciphertext.

Defense in depth, on top of self-custody

Recipient risk-screening

Sanctions/scam checks and address-poisoning detection before every send.

Broadcast firewall

Binds the screened recipient to the broadcast so it can’t be swapped after you approve.

Spending guardrails

Per-tx and daily caps, allowlists, quiet hours, new-recipient cooldown.

Freeze / panic

One tap hard-blocks all sends instantly.

Clear-signing

You see the exact recipient, amount, and chain before you sign.

Scam-token quarantine

Inbound transfers from unverified contracts are flagged and never priced into your balance.

Encrypted backup

Optional encrypted cloud backup — only you hold the key to decrypt it.

Hold your crypto the way it was meant to be held.