YSeed

YSeed Security Model

YSeed is designed to be useful without becoming another place where a seed phrase can leak. The product refuses unsafe features on purpose.

No phrase APInothing posts your wordsMemory-only phrase statetheme is the only saved settingNarrow by designno keys, xpubs, addresses, or balances

Security summary

YSeed is a browser-only BIP39 toolkit. It generates and validates seed phrases locally, avoids phrase persistence, and does not include wallet balance checks, private key extraction, or address derivation features.

Default-deny rules

01

No seed phrase backend

There is no account system, database, wallet lookup endpoint, phrase API, or server-side phrase processing in the public app.

02

No phrase persistence

Generated phrases are not written to localStorage, sessionStorage, cookies, analytics payloads, or URLs. Only the visual theme preference may be saved.

03

No balance checks

YSeed does not derive wallet addresses or check balances. A safe generator should not ask you to paste a real phrase into a live website.

04

No unsafe expansion

The product does not show private keys, xpubs, derivation paths, or wallet addresses. Those features belong in dedicated offline tools.

Runtime boundaries

Surface Allowed Denied
Randomness Browser Web Crypto API Server-generated phrases
Validation Word count, wordlist, checksum Wallet balance lookup
Storage Theme preference only Seed phrase persistence
Network Static same-origin assets Phrase telemetry or third-party phrase APIs

Recommended private ceremony

  1. Prepare the environment. Close screen sharing, cloud notes, browser extensions you do not trust, and camera-visible surfaces.
  2. Load the app once. Open YSeed, then disconnect if your threat model requires offline generation.
  3. Generate locally. Choose 12, 15, 18, 21, or 24 words and generate the phrase in the browser.
  4. Write it down. Prefer paper or metal backup. Treat clipboard and screenshots as unsafe.
  5. Wipe the screen. Use the wipe control and close the tab after verification.

Balance-check tools are outside the trust boundary

YSeed will not add a seed phrase balance checker. A public page that asks for a recovery phrase to check balances is asking for the secret that controls the wallet.

Read the balance-check scam warning

Security playbooks

Use these pages when the question moves from BIP39 structure to operational safety.

Sources and verification

YSeed content and behavior should be checked against primary technical sources, not marketing claims.

Security FAQ

Does YSeed send seed phrases to a server?

No. YSeed is a static browser application. Seed phrase generation, validation, wordlist checks, and checksum checks run in the browser without a phrase API or account backend.

Does YSeed store generated seed phrases?

No. Generated phrases stay in JavaScript memory until the page is refreshed or wiped. YSeed does not write phrases to localStorage, sessionStorage, cookies, or the URL.

Can YSeed check whether a phrase has funds?

No. YSeed intentionally does not derive addresses, query wallets, or check balances. Balance-check tools create unnecessary privacy and security risk.

Use the smallest safe surface.

Start with local generation, validate only structure, and treat any balance-check promise as outside the safety boundary.