Security & wallet
What we never touch — and how sign-in works.
Your keys stay yours
Clump never custodies your wallet private keys. Launch and trades are wallet-signed in your browser extension — we only see public addresses and transaction signatures the chain already exposes.
Sign-in
Authentication is a one-time wallet signature per session — no password database, no email list for login. Disconnect anytime from the wallet menu.
Social connections
- X uses OAuth — you authorize Clump to post as your account within Reach
- Telegram: your @BotFather bot token is encrypted and used only to post to the chat id you linked
- Tokens are encrypted at rest; you can disconnect by revoking access on the platform side
What the mind cannot do
- Withdraw funds from your wallet
- Change launch metadata after mint
- Bypass caps because a post ‘sounds convincing’
- Promise guaranteed returns — blocked by policy