Decentralized by design
X-Multi is a client-side application that interacts directly with the XRP Ledger — a public, decentralized blockchain. We do not operate as a financial institution, custodian, or intermediary. We do not hold, control, or have access to your funds, keys, or digital assets at any time.
What we do not collect
- Private keys, seed phrases, or passwords — these never leave your browser
- Personal identity information (name, email, phone) unless you voluntarily provide it in notification settings
- Transaction contents — all proposals are between you and the XRP Ledger
- Behavioural analytics, marketing cookies, or tracking pixels
What we store
- Vault metadata — vault names, descriptions, and network configuration (stored in our database to coordinate proposals between signers)
- Proposal data — unsigned transaction details, signature blobs, and proposal status (required for the multisig coordination workflow)
- Personal-mode data — savings goals (escrow targets), saved address-book entries, sign-request payloads, and POS/order metadata if you use those features. Tied to your XRPL address.
- Notification preferences — email and phone number if you choose to enable notifications (optional, never shared)
- XRPL addresses — public wallet addresses used to identify vault membership (these are already public on the blockchain)
- Error reports — anonymised stack traces and error context sent to Sentry (tunnelled through our own /monitoring path, no third-party tracking domain). Used solely for debugging crashes; contains no seed phrases, passwords, or transaction signatures.
- Anonymised IP for rate limiting — short-lived counters in Upstash Redis to throttle abuse of public endpoints. Not retained beyond the rate-limit window.
Encryption
X-Multi's encrypted signing vault encrypts your seed phrase locally in your browser using AES-256-GCM with a key derived via PBKDF2 (600,000 iterations). The encrypted data is stored in your browser's local storage. We never receive, transmit, or store your unencrypted seed phrase or vault password. All encryption is performed using the browser's built-in Web Crypto API — no external cryptography libraries.
Blockchain transparency
All transactions executed through X-Multi are submitted to the XRP Ledger — a public blockchain. Transaction details, including sender, recipient, amount, and memo fields, are permanently visible to anyone. This is inherent to blockchain technology, not a choice made by X-Multi.
Third-party services
- WalletConnect — primary wallet connection method. Supports GemWallet, Crossmark, Joey, and other XRPL wallets. Subject to WalletConnect's privacy policy.
- Xaman (XUMM) — alternative wallet connection via OAuth PKCE. Subject to Xaman's privacy policy.
- XRPL public nodes — xrplcluster.com, ripple.com — used to read from and submit transactions to the XRP Ledger. Server-proxied so the browser doesn't talk to them directly.
- Supabase — used for database and proposal coordination. Data is stored in a secured, access-controlled environment.
- Market data providers — DexScreener, xrplmeta, OnTheDEX, and CoinGecko power the charts, token search, and XRP-to-USD price ticker on /trading and /home. Server-side proxied; only the token currency / issuer / symbol you query is sent to them, never your wallet address.
- Sentry — error monitoring for unexpected crashes. Client-side error events are tunnelled through our own /monitoring path so ad-blockers don't silently drop them. No personal data, no signing material — just stack traces and the URL where the error happened.
- Upstash Redis — rate-limit counters for public endpoints to prevent abuse. Stores short-lived per-IP counters only.
Your rights
You can disconnect your wallet at any time. Vault proposal data can be deleted upon request. Notification preferences can be cleared in the settings page. Your encrypted signing key can be wiped from your browser at any time by clearing local storage or using the vault reset option.