All docs

Docs

Privacy model

A factual data-flow: what the client handles, what the server handles, and what is never stored.

Design principle

Vaelun is intentionally client-heavy for sensitive workflows. Transaction data, balances, and intent contents are handled in your browser and are not stored server-side by the application.

What the client handles

  • Wallet connection and signing — keys never leave your wallet.
  • Building and signing intents; the signed payload is forwarded to be filled, not warehoused.
  • Displaying balances and positions fetched live.

What the server handles

  • Verifying a login signature and issuing a signed session cookie — no password, no PII to authenticate.
  • Proxying quote, publish, and status calls and attaching server-only credentials; request bodies are validated, not stored.
  • Single-use nonces and rate-limit counters, kept briefly with short lifetimes.

Third-party processors

Depending on configuration, the routing and solver services, a Redis provider, RPC providers, and optionally a database and error-monitoring service may process data. Each sees only what its function requires.