Your keys, your funds.
Non-custodial by design.
Zap.Tips is a bring-your-own-key wallet. We cannot see your funds and we cannot move them, because your key never reaches us. Here is exactly how that works.
Four steps, one guarantee.
You bring your own key
Zap.Tips does not issue keys or hold accounts. You paste your own BitcoinVN API key into the app once.
Encrypted on your device
The key is run through PBKDF2 with 210,000 iterations, then sealed with AES-GCM using a passphrase only you know. This happens in your browser.
Only ciphertext is stored
The encrypted blob lives in your browser localStorage. The plaintext key is held in memory for the session only and is gone when you close the tab.
Money moves browser-direct
Every exchange call goes straight from your browser to BitcoinVN. Lightning runs client-side over NWC (Nostr Wallet Connect). Your key never touches a Zap.Tips server.
What to keep safe
Two things, and only you hold them: your BitcoinVN API key, and the passphrase that encrypts it. If you lose the passphrase, the stored ciphertext cannot be opened and you will need to re-enter your key. Keep both somewhere private.
What we can and cannot do
We cannot see your key, read your balance, or move your money. We serve the app and proxy public exchange data. Everything that touches funds runs in your browser, direct to BitcoinVN over your own credentials.
Non-custodial, plainly.
A custodial option may come later for people who want it. For now, you are the only one who can spend your balance. That is the point.