Keys are encrypted at rest
Every wallet key FeeDrop holds is encrypted before it is stored, and decrypted only in memory to sign a transaction.
FeeDrop needs to claim fees and run payouts, so it holds the key to a fee wallet. That key is encrypted at rest with a per-wallet scheme and only ever decrypted in memory for the moment it signs, then zeroed. Keys are never written to logs, never returned in an API response, and never shown in the browser except through the explicit recovery flow you control.
You can always get your key back
Set a recovery password and export the private key anytime, it is your wallet.
Set a recovery password on any managed wallet and you can reveal and export its private key whenever you want. The password is required to decrypt the export, it is confirmed on entry, and the key is shown once for you to store like cash. No password is ever needed to receive fees, only to export.
Automation can never overspend
A coin never deploys more than the creator fees it has actually earned.
Every autonomous action is bounded by a hard cap tied to the coin's own accrued creator fees. The engine tracks what has already been deployed per coin and will not exceed the total earned, so a bug or a bad tick can never drain more than the fees that came in. Airdrops also carry a floor so they never cost more in gas than they deliver, and a per-drop ceiling.
It supports the chart, it does not dump
Buys and distributions are paced and sized to live market conditions.
Before each action the engine reads live market telemetry and sizes the move to conditions. Buy & burns are small and continuous rather than one large spike, and airdrops accrue to a meaningful size before firing. Airdrops are sent as direct on-chain transfers, no obfuscation or hop chains, so the flow of funds is fully transparent.
No credentials live in the code
Every secret is read from the environment, never hardcoded or committed.
API keys, tokens, and app secrets are read from environment variables at runtime, never hardcoded in source and never sent to the browser. The public config endpoints expose only what a browser legitimately needs (a public app id, for example) and nothing that could move funds. Connected X app keys are encrypted like wallet keys and verified before storage.
Only you touch your coins
Every action is gated by sign-in, and sensitive controls are locked to the owner.
Managing a coin, claiming fees, or moving funds all require an authenticated session tied to your account. Operator-only controls sit behind a separate superadmin gate. Public pages are read-only by design, they show proof without exposing a single control. During private beta, access is gated so only invited users can act while anyone can still browse.
Built to degrade gracefully
External calls are rate-limited, retried with backoff, and cached, so the platform stays up when providers wobble.
Requests to on-chain and market data providers are routed through a shared client with rate limiting, retries, and exponential backoff on errors. Hot public data is cached and de-duplicated so many visitors share one upstream fetch, and durable jobs are database-backed with retry runners, so claims, distributions, and LP injections finish on their own and survive restarts.
Every action leaves a record
Fees claimed and actions taken are logged per leg and shown publicly.
Every claim, airdrop, burn, and LP injection is written to a per-leg ledger and surfaced on the coin's public page. The 5% platform fee is disclosed and applied transparently. Anyone can verify on-chain what happened to the fees. For the mechanics behind all of this, see how it works.