> ## Documentation Index
> Fetch the complete documentation index at: https://docs.lasersell.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Key Safety

> How LaserSell protects your private keys and best practices for wallet security.

## Non-custodial design

Your private keys never leave your machine. LaserSell signs all transactions locally and never transmits keys to any server.

* Keys are generated and stored locally
* All transaction signing happens on your device
* LaserSell cannot freeze funds, initiate withdrawals, or execute trades without your command

## Encrypted keystore

LaserSell encrypts your wallet with **XChaCha20-Poly1305** authenticated encryption and derives the key using **Argon2id**, a memory-hard function that makes brute-force attacks prohibitively expensive.

If you have a legacy plaintext `wallet.json` from another tool, LaserSell will offer to migrate it to the encrypted keystore format automatically.

<Warning>
  There is no "forgot password." If you lose your passphrase, the keystore cannot be decrypted. Your recovery path is re-importing from your seed phrase or private key.
</Warning>

## Memory hygiene

During unlocking, your passphrase and decryption intermediates are held in memory only for the instant they are needed. They are explicitly zeroized immediately after, preventing credential scraping by malware.

## Best practices

**Treat LaserSell as a hot wallet.** Do not keep large balances in your trading wallet. Only fund it with what you intend to trade.

**Sweep profits regularly.** Move gains to a hardware wallet or cold storage. Do not let profits accumulate in a hot wallet.

**Use a strong passphrase.** Your keystore security depends entirely on passphrase strength.

## Anti-phishing

LaserSell support will **never** ask for your:

* Private key or seed phrase
* Keystore passphrase
* Wallet "validation" or "synchronization" on any website

Anyone requesting these is a scammer. Block and report them immediately.