Trust, but verify.
Loredocs is non-custodial, open, and minimal-by-design. Your wallet stays yours. Your locked docs are publicly auditable. Here's exactly how — line by line.
01 — The wallet stack
We use the official Solana Foundation wallet stack: @solana/wallet-adapter-react + @solana/wallet-adapter-react-ui, with wallets auto-detected via the Solana Wallet Standard. That means Phantom, Solflare, Backpack, Glow, and any standards-compliant wallet work with zero extra integration code from us.
When you click Connect Wallet, the wallet extension — not loredocs — handles the connection handshake. We only ever receive your public Solana address.
02 — What we will NEVER see
- Your seed phrase. Ever. We never display a field for it.
- Your private key. Wallet extensions sign locally; we only get back a signed transaction blob.
- Your other balances or token holdings — we don't query them.
- Anything off-chain about you. No email, no name, no IP profiling.
03 — What we ask permission for
For each document you lock, your wallet pops up twice:
- A message signature (free) — proves you control the wallet. The exact text is shown to you in the popup.
- One SystemProgram.transfer of exactly 0.01 SOL to the public Lore treasury (~$2 at current prices). That's the entire fee.
That's it. We never ask you to:
- Approve token spending limits.
- Sign blind/opaque transactions.
- Transfer custody of any token or NFT.
- Call arbitrary on-chain programs.
- Auto-sign anything in the background.
Treasury address (audit any time): 9dC41Tyg…m4yv4nxb
04 — Server-side hardening
- Documents storage bucket is private — PDFs are served via short-lived signed URLs, not guessable public links.
- Drafts table cannot be enumerated — read access is gated by an unguessable 22-character token (~131 bits of entropy) via a SECURITY DEFINER Postgres function.
- Every publish call is verified server-side: ed25519 signature check + on-chain SOL payment confirmation + replay protection.
- Strict security headers on every response: CSP locked to known hosts, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy.
- AI gateway calls are rate-limited per IP to prevent credit drain.
- Database errors are sanitized server-side — no schema details leak to the client.
05 — Permanence & open verification
Once a doc is sealed, the markdown or PDF is uploaded to Arweave via Irys. Storage is paid up front, in full, for 200+ years of redundant replication. We can't delete it. Neither can anyone else — including governments, hosting providers, or future loredocs owners.
Every locked doc page shows two trust links anyone can verify without trusting us:
- Arweave gateway link — pulls the raw bytes directly from the permanent network.
- Solscan transaction link — proves the 0.01 SOL fee was paid and by whom.
06 — Drafts (the unlocked path)
Drafts are not on-chain — they're temporary previews. Anyone with the secret link can read a draft. Anyone without the link cannot, and the draft table cannot be enumerated. Drafts auto-expire after 90 days. If you want permanence, lock it on chain.
07 — Report a vulnerability
Found a security issue? DM @cultofprintr on X with the details. Please don't open a public issue for anything that exposes user data — give us a chance to patch first.