Self-custodial. No KYC. No account. Just Bitcoin.
Lightning, Liquid, and on-chain — your seed phrase never leaves your device.
Real app. Dark theme.
Your balance. Your keys.
Balance shows 0 in demo mode — real payments require the installed app.
How it works
No accounts. No email. No KYC. Just a Bitcoin wallet that works.
01 — SETUP
A 12-word seed phrase is created on your device. We never see it, store it, or transmit it. Your seed is stored in the iOS Keychain — protected by the Secure Enclave.
02 — USE
Pay to any Lightning address, invoice, or on-chain Bitcoin address. The app picks the best route automatically — Lightning for speed, on-chain for finality.
03 — RECOVER
Set a backup PIN once. If you lose your phone, install the app, tap "Restore from backup," and enter your PIN. No seed phrase typing required.
Features
Core features are on by default. Advanced features are clearly marked optional — enable them when you need them.
Instant Bitcoin payments via Spark. Send to any Lightning address, invoice, or Spark address. Near-zero fees. Settle in seconds.
Fast, confidential Bitcoin sidechain transactions. Swap between Lightning and Liquid using non-custodial Boltz HTLCs. No middleman.
Native Taproot (P2TR) receive address. Send on-chain with live fee estimation. Your keys, your coins — no wrapping, no bridges.
Recover your wallet with a PIN — no seed phrase needed. Encrypted backup split across iCloud and our Key Server using 2-of-2 custody.
End-to-end encrypted peer-to-peer messages using the Nostr protocol. No phone number. No email. Disable in settings if unused.
Claim a username to receive to you@getcashu.com. Share a human-readable address instead of a QR code.
Separate wallets from one seed using BIP-39 passphrase (25th word). Savings vs spending, personal vs business — same device, different keys.
Import an xpub or zpub to monitor cold storage. View balances and transactions without exposing private keys. Read-only.
Your seed phrase, your keys, your coins. We have no access to your funds. No one can freeze, seize, or reverse your payments.
Technology
Every cryptographic primitive is audited open-source software. No proprietary black boxes. Click any row to explore the details.
Lightning / Spark
Lightning-fast Bitcoin transfers powered by Spark — a self-custodial off-chain protocol. Your keys sign every transaction. The node routes, you own.
Protocol: Spark — off-chain UTXO model, cooperative exits
Fallback: Boltz v2 submarine/reverse swaps (HTLCs)
Derivation: BIP-39 seed → 64-byte hex seed
Address format: Lightning invoices (BOLT11), Lightning addresses (LN-URL), Spark addresses
Learn more about the protocols and implementations behind Lightning and Spark payments.
Liquid Network
Bitcoin sidechain by Blockstream for fast, low-fee transfers with confidential transaction amounts. Atomic swaps with no trusted third party.
Protocol: Liquid Network (Elements sidechain)
Swaps: Boltz v2 HTLCs — atomic, non-custodial
Derivation: BIP-84 m/84'/1776'/0'/0/0 → P2WPKH
Settlement: ~1 minute block time
Transactions: Confidential (amounts hidden on-chain)
Explore the Liquid Network, Blockstream's technology, and the underlying libraries.
On-chain Bitcoin
Receive to a native Bitcoin Taproot address. No wrapping, no custodians. Send on-chain with real-time fee estimation from mempool.space.
Address format: BIP-86 Taproot (P2TR, bc1p…)
Fee estimation: mempool.space API
Send mechanism: Spark cooperative exit (small amounts) or Boltz submarine swap
Finality: Bitcoin mainchain (~10 min confirmation)
Read about Taproot, Bitcoin fee estimation, and on-chain transaction mechanics.
Nostr messaging (optional)
Peer-to-peer encrypted messages using the Nostr protocol. No phone number. No email. Your keypair is derived from your wallet seed — one seed, one identity.
Encryption: NIP-44 v2 (ChaCha20-Poly1305 + HMAC-SHA256)
Privacy: NIP-17 gift-wrapped DMs (Kind 1059 → 14) — relays see only ciphertext
Identity: HMAC-SHA256(bip39_seed, "nostr/v1") → secp256k1 keypair
Disabled by default — enable in Settings
Dive into the Nostr protocol, its implementation proposals, and the open-source ecosystem.
Key Derivation
A single BIP-39 seed phrase deterministically generates every key used by the wallet. Lose your seed, restore everything. Same seed, same keys, always.
Seed: BIP-39 12-word mnemonic (128-bit entropy)
Storage: iOS Keychain (Secure Enclave, AFTER_FIRST_UNLOCK_THIS_DEVICE_ONLY)
Spark/Lightning: mnemonicToSeed(mnemonic) → 64-byte hex
Liquid: BIP-32 m/84'/1776'/0'/0/0
Nostr: HMAC-SHA256(seed, "nostr/v1") → secp256k1
Account ID: SHA-256(mnemonic)[0:8] → 16-char hex (one-way)
Backup key: BIP-85 m/83696968'/32'/0' → 32 bytes
Libraries: @scure/bip39, @scure/bip32, @noble/hashes, @noble/ciphers
PayCashu is built on established Bitcoin Improvement Proposals — open, peer-reviewed standards.
Deep Dive
Step-by-step guides and technical documentation for every feature.
From download to your first Bitcoin payment in under 2 minutes. Here's exactly what happens at each step — and why it matters.
Search "PayCashu" on the App Store or use the download link. The app requires iOS 16+ and takes ~50 MB. No account creation. No email. No phone number.
What happens technically: The app generates 128 bits of cryptographic entropy using the iOS Secure Random Number Generator. This entropy is encoded as a 12-word BIP-39 mnemonic seed phrase. All your keys — Lightning, Liquid, on-chain, Nostr — are derived deterministically from this single seed. The seed is stored in the iOS Keychain, protected by the Secure Enclave hardware chip.
Why this matters: Your seed phrase is the master key to your entire wallet. Anyone who has these 12 words can access all your funds. Write them on paper (or metal) and store in a secure, private location. This is your last-resort recovery method if all else fails.
Go to Settings → Security → Encrypted Backup and choose a PIN. This creates a split-custody backup: an encrypted seed goes to iCloud, and an encrypted key goes to our Key Server. Neither side alone can decrypt your wallet. This lets you recover with just a PIN on a new phone — no seed phrase typing required. Uses Argon2id key derivation (OWASP-recommended).
This generates a Lightning invoice or displays your Lightning address. Under the hood, the app creates a Spark receive request — a self-custodial off-chain Bitcoin address. Your keys sign the receive authorization. The payment route is set up automatically.
Your Lightning address looks like username@getcashu.com (if you claim a username) or you can share the QR code directly. Anyone with a Lightning-compatible wallet can send you Bitcoin instantly. The address is reusable — no need to generate a new one each time.
When someone sends to your address, the payment arrives in seconds via Lightning. Your balance updates in real-time. The Bitcoin is self-custodial — you hold the keys, not us. Welcome to sovereign money.
PayCashu supports multiple send paths. The app auto-detects the destination type and selects the best route. Here's how each one works.
Best for: everyday payments, small amounts, instant settlement.
Tap the Send button and paste a BOLT11 invoice (starts with lnbc...), a Lightning address (user@domain.com), or a Spark address. The app auto-detects the type.
For invoices with a set amount, this is pre-filled. For Lightning addresses, enter the amount in sats or your local currency. Live exchange rate displayed.
Review the details and slide the confirmation button. Payment is signed by your keys and sent through the Spark network. Confirmation typically arrives in under 1 second.
Best for: large amounts, cold storage transfers, recipients who only accept on-chain.
Paste a bc1... address (Taproot, SegWit) or legacy address. The app detects on-chain automatically.
Choose from low, medium, or high priority. Fee estimates are pulled in real-time from the mempool.space API. Higher priority = faster confirmation, higher fee.
The app creates a Spark cooperative exit (for small amounts) or a Boltz submarine swap to fund the on-chain transaction. Confirmation takes ~10 minutes (1 block).
Best for: faster-than-on-chain transfers with confidential amounts. Must be enabled in Settings.
Paste a Liquid Bitcoin (L-BTC) address. The app detects the Liquid network automatically.
The app creates a non-custodial atomic swap from your Lightning balance to Liquid using Boltz v2 HTLCs. No trust required — cryptographic guarantees ensure either both sides complete or neither does.
Confirm and send. Liquid settlement takes ~1 minute. Transaction amounts are confidential — hidden from outside observers on the Liquid blockchain.
You don't need to choose the network manually. The app detects the destination type from the address format and selects the optimal route automatically. Lightning addresses → Lightning. bc1... → on-chain. Liquid addresses → Liquid swap. You can always override if needed.
Bitcoin transactions are irreversible. There's no "undo" button, no chargeback, no support ticket to reverse a payment. The slide gesture is a deliberate friction to prevent accidental sends — you can't accidentally tap and send your Bitcoin to the wrong address. It's a safety feature, not a UX quirk.
Two ways to recover your wallet: encrypted backup (easiest) or seed phrase (universal fallback). Set up backup once — it could save your Bitcoin.
Open the app, tap the gear icon, navigate to Security, and select Encrypted Backup.
Choose a memorable but strong PIN. Avoid common passwords, birthdays, or sequential numbers. This PIN is the only way to unlock your encrypted backup — there is no reset mechanism.
Re-enter the PIN to confirm. Double-check carefully — if you forget this PIN and lose your seed phrase, your funds are permanently inaccessible.
The app runs Argon2id (OWASP-recommended) to derive an encryption key from your PIN. This is intentionally slow — it makes brute-force PIN cracking computationally infeasible. Uses 46 MB memory, 2 iterations.
Your encrypted seed is saved to iCloud Keychain (syncs automatically to your Apple devices). The encrypted backup key is sent to our Key Server. Neither side alone can decrypt your wallet.
Download from the App Store. Sign in with the same Apple ID you used before (for iCloud Keychain sync).
iCloud automatically provides your encrypted backup file. No manual import needed — it synced there when you first set up backup.
The app uses your PIN to derive the decryption key (Argon2id again, ~30 seconds), fetches the encrypted backup key from the Key Server, and decrypts your seed. Rate limited: 3 attempts per 24 hours.
All balances, addresses, and history accessible. Your seed is back in the iOS Keychain on your new device.
Download the app on any iPhone running iOS 16+.
Select the seed phrase import option from the welcome screen.
Type your BIP-39 seed phrase in order. The app validates each word against the BIP-39 wordlist and verifies the checksum.
All keys are re-derived deterministically from your seed. Same seed = same wallet, guaranteed by the BIP-32/39/85/86 standards.
PayCashu is designed to minimize data exposure. Here's exactly what happens with your data, how your identity is protected, and what "self-custodial" really means.
The following data is transmitted from your device to external servers. Everything else stays local.
Never transmitted: your seed phrase, private keys, backup PIN, Boltz swap claim/refund keys, plaintext messages, or any personal information.
When you send a message in PayCashu:
Your account ID is: SHA-256(mnemonic)[0:8] — the first 8 bytes (16 hex characters) of the SHA-256 hash of your seed phrase as a string.
Use the BIP-39 passphrase feature (25th word) to create completely separate wallet identities from the same seed:
Each sub-account derives entirely different keys — there's no cryptographic link between them without knowing both the seed and the specific passphrase.
In practice, self-custodial means:
| Feature | PayCashu | Custodial Exchange |
|---|---|---|
| Who holds your keys? | You | The exchange |
| KYC / ID verification | None required | Required (passport, selfie, address) |
| Can freeze your funds? | No — impossible | Yes — at any time, for any reason |
| Data collected | Account ID hash only | Full identity, address, SSN, bank info |
| Withdrawal limits | None | Daily/monthly limits, approval required |
| Recovery if company shuts down | Seed phrase restores everything | Bankruptcy proceedings, hope for the best |
| Recovery if you lose credentials | Seed phrase or encrypted backup required | Customer support password reset |
Power-user features for those who want maximum flexibility and privacy. All are optional — enable only what you need.
Sub-accounts use the BIP-39 passphrase feature — sometimes called the "25th word." Adding a passphrase to your seed phrase creates an entirely different wallet with different keys, addresses, and identity.
Warning: if you forget your passphrase, you cannot access that sub-account. There is no recovery. Write it down separately from your seed phrase.
Monitor your cold storage balance without exposing private keys. Ideal for checking hardware wallet balances on your phone.
PayCashu includes a built-in Nostr client for end-to-end encrypted messaging. Your Nostr identity is derived from your wallet seed — no separate account needed.
BOLT12 offers (when supported) enable reusable payment requests and potential subscription-style recurring payments over Lightning.
Claim a human-readable Lightning address to receive payments without sharing QR codes or invoices.
username@getcashu.com — anyone with a Lightning wallet can send to thisBackup & Recovery
Set a backup PIN once. Lose your phone, get a new one, enter your PIN — wallet restored. No seed phrase typing. No support ticket.
Download PayCashu from the App Store. No account creation needed.
iCloud automatically provides your encrypted backup file. It synced there when you first created your backup.
Your PIN unlocks the encrypted backup key from our Key Server. 3 attempts allowed per 24 hours.
All balances, addresses, and history accessible. No seed phrase ever typed.
Privacy
No KYC. No phone number. No email. Here is exactly what our server knows about you — and what it does not.
FAQ