Safety

Security.

How Flint keeps your funds safe by design.

Non-custodial architecture

Flint is a fully client-side application. All transaction building happens in your browser. No server ever has access to your private keys or the ability to move your funds.

What Flint can and cannot do

  • CAN read public on-chain data (balances, token accounts) — this is public information.
  • CAN build unsigned transactions and present them for your approval.
  • CANNOT sign transactions on your behalf.
  • CANNOT move, freeze, or access your tokens without your explicit signature.
  • CANNOT access your private keys or seed phrase.

Staking contracts

All staking routes use the official SPL Stake Pool program — the same audited contracts Jito, Phantom, and Helius use in their own interfaces. Flint does not deploy custom smart contracts. USDC deposits use Kamino's official KLend program.
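
One way to check these claims before approving a transaction, as an added example that is not Flint's own code: the JavaScript below parses a serialized legacy Solana message (the unsigned payload a wallet is asked to sign) and reports every top-level program it invokes that is not on an allow-list. The 32-byte keys in SAMPLE and ALLOWED are constructed placeholders, not real program IDs, and versioned (v0) messages are rejected rather than parsed.

```javascript
// Added example: list the programs a legacy Solana message invokes and flag
// any that are not on an allow-list. Keys are compared as lowercase hex.
const KEY_LEN = 32;
const hex = (bytes) => Array.from(bytes, (x) => x.toString(16).padStart(2, "0")).join("");

// Solana "compact-u16": 7 bits per byte, low bits first, high bit means "more".
function readCompactU16(buf, pos) {
  let value = 0;
  for (let shift = 0; shift <= 14; shift += 7) {
    if (pos >= buf.length) throw new Error("truncated length");
    const b = buf[pos++];
    value |= (b & 0x7f) << shift;
    if ((b & 0x80) === 0) return [value, pos];
  }
  throw new Error("compact-u16 too long");
}

// Layout: 3-byte header, account keys, recent blockhash, instructions.
function invokedPrograms(buf) {
  if (buf.length < 3) throw new Error("truncated header");
  if (buf[0] & 0x80) throw new Error("versioned message: not handled here");
  let pos = 3, nKeys, nIx, n;
  [nKeys, pos] = readCompactU16(buf, pos);
  const keys = [];
  for (let i = 0; i < nKeys; i++, pos += KEY_LEN) {
    if (pos + KEY_LEN > buf.length) throw new Error("truncated account keys");
    keys.push(hex(buf.subarray(pos, pos + KEY_LEN)));
  }
  pos += KEY_LEN; // skip the recent blockhash
  [nIx, pos] = readCompactU16(buf, pos);
  const programs = [];
  for (let i = 0; i < nIx; i++) {
    const idx = buf[pos++]; // index of the program in the key table
    if (!(idx < keys.length)) throw new Error("bad program index");
    programs.push(keys[idx]);
    [n, pos] = readCompactU16(buf, pos); pos += n; // account indices
    [n, pos] = readCompactU16(buf, pos); pos += n; // instruction data
    if (pos > buf.length) throw new Error("truncated instruction");
  }
  return programs;
}

const unexpectedPrograms = (buf, allowed) =>
  invokedPrograms(buf).filter((p) => !allowed.includes(p));

// Constructed sample: payer 0x01.., allowed program 0xaa.., other program 0xbb..
const fill = (v) => new Uint8Array(KEY_LEN).fill(v);
const SAMPLE = Uint8Array.from([1, 0, 2, 3, ...fill(1), ...fill(0xaa), ...fill(0xbb),
  ...fill(0), 2, 1, 1, 0, 2, 9, 9, 2, 1, 0, 0]);
const ALLOWED = [hex(fill(0xaa))];
```

Only top-level instructions appear in the message, so programs that an allowed program calls internally are not listed by this check.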

RPC access

On-chain data is read via Helius RPC on mainnet. The endpoint is used for balance queries and transaction submission only. No personal data is stored or transmitted.