Peanut Protocol is trustless and non-custodial.
Funds securely stored in a vault contract and can be only claimed with a secret that is contained in the Peanut Link. Peanut Links are fully self contained and have all the parts needed to claim funds in the future even without using the Peanut App.
The Peanut App is a convenient front end for creating Peanut Links. However all information about created Links remain in the browser session and local storage it was created in, and is not leaked anywhere else. This is an extremely important design choice as anyone with the Link (including a malicious operator) is able to generate the key which can claim all the stored funds.
Never share Peanut Links with anyone (including the Peanut Team)!
Everything the Peanut App does is open source (we use our SDK and smart contracts which are open source and permissionless) and can be independently audited and inspected.
Funds can be claimed directly onchain without use of the Peanut App as described in the claim process.
Link recipients should consider the possibility of the Link creator withdrawing the funds that have been sent via a Link.
Receiving a Link does not guarantee the Link recipient(s) are the only ones that can access the funds. The Link creator that deposited funds into a Peanut Smart Contract can manually withdraw funds (invalidating a link) after a 24 hour window. See link withdrawals for more information.