Trust Center
Verifiable trust, not just a promise.
Self-custody only matters if it actually holds. Here’s exactly what we store, what we never touch, and how to reach us about security.
What the backend stores
- •Public addresses & extended public keys (xpubs)
- •Transaction hashes and public on-chain metadata
- •Account basics for sign-in (email/phone for OTP)
- •Encrypted ciphertext for optional recovery — never the key to decrypt it
What it never stores
- ✕Your seed phrase or mnemonic
- ✕Any private key
- ✕Your passphrase
- ✕Signed transaction hex
How it holds
Keys are generated and kept on your device
Your seed and passphrase are created on-device and held in the OS keychain (biometric-gated, device-only, never cloud-backed). They never reach our servers.
The crypto layer is physically isolated
The signing code is a pure keys-in → signed-bytes-out layer that is forbidden from importing any network or storage client — enforced in CI. It cannot phone home even by mistake.
Prepare → sign → relay
Servers only prepare unsigned context and relay what your device signs. There is no code path by which we could move your funds.
Data minimisation
We collect the minimum needed to operate: public chain data plus what's required for sign-in. We never sell your data.
Report a security issue
Found a vulnerability? We want to hear from you. Email hello@spendthebits.com with “Security” in the subject and steps to reproduce. Please give us a reasonable window to fix before any public disclosure.
