Security Model
How the inscriber protects you — and how to verify that claim yourself. Don't trust. Verify.
// 01 · Non-custodial by design
Your private keys and seed phrase never leave your device. No SovereignRender server ever receives, stores, or transmits them, and no server ever signs a transaction. You keep custody of your funds at all times.
Signing happens in your own wallet (Unisat, Xverse, Leather). On the manual funding path, a throwaway key is generated in your browser and stored only in your browser's local storage — never sent anywhere.
// 02 · How an inscription is made
1The Studio compiles your video into a self-contained HTML artifact.
2Your browser builds two Bitcoin transactions — a commit and a reveal — that carry the artifact in the witness. No ord index, no node, no txindex.
3Your wallet signs the commit. The reveal is signed in-browser by the ephemeral key.
4Both transactions broadcast through a public block-explorer API (mempool.space). The inscription lands on the first sat of the reveal output — sent to you.
// 03 · What the server sees — and doesn't
- Never: your private keys, seed phrase, or wallet — nothing to sign with ever reaches a server.
- Server-side compile: the video you upload is sent to the Studio server only to build the artifact, then discarded.
- Browser Mode: compile entirely offline in your browser — the video never leaves your machine. Use it for full privacy.
- Transaction construction and signing are always client-side, regardless of compile mode.
// 04 · Dependencies you can trust
Transaction building uses micro-ordinals and @scure/btc-signer — minimal, audited libraries from the well-known noble/scure ecosystem. These load into the Studio only; the inscribed artifact itself has zero external dependencies — no CDN, no IPFS, no API calls — and plays from the chain forever.
// 05 · Verify it yourself
You don't have to take our word for any of this. The exact client-side inscriber your browser runs is served, unminified, at /sr-inscriber.js — read it. The Studio itself is proprietary, but the security-critical code is not opaque: the ephemeral keys, the commit/reveal construction, and the fact that no key is ever transmitted are all right there for you to inspect.
// 06 · Recommendations
- Rehearse on signet first — it's free and behaves like mainnet for inscription sizing.
- Use a fresh, low-balance wallet for inscribing rather than your main stack.
- Check every number before you sign — network, fee rate, amounts, destination. Mainnet is irreversible.
- Keep the throwaway inscriber key only as long as you need it; you can reset it from the Studio.