Last updated: May 2026

Security

Nostrord is built on a minimal trust model: the less you need to trust us, the better. This page covers account security, the relay's role in moderation, and responsible vulnerability disclosure.

Your keys, your responsibility

Your Nostr private key is your identity. Anyone with access to it can sign events on your behalf. Guard it carefully.

  • Never share your private key (nsec) with anyone.
  • Prefer a remote signer (NIP-46 bunker) to keep your key on a separate device, away from the application.
  • Prefer a browser extension (NIP-07) over pasting your key (nsec) directly into the app. The extension isolates the key from the app, which then requests signatures instead of handling your key directly.
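
The signing flow described in the list above, as an added example (not Nostrord's own code): the app hands a draft event to a NIP-07 signer and checks that the returned event is the one it asked for, without ever holding the nsec. The stub signer, sample pubkey, group id and the kind 9 draft with an "h" tag are constructed for illustration.

```javascript
// Web Crypto: global in browsers and current Node; the fallback covers older Node.
const subtle = globalThis.crypto?.subtle ?? require('node:crypto').webcrypto.subtle;

// NIP-01 event id: SHA-256 over the canonical JSON array, as lowercase hex.
async function eventId(ev) {
  const json = JSON.stringify([0, ev.pubkey, ev.created_at, ev.kind, ev.tags, ev.content]);
  const hash = await subtle.digest('SHA-256', new TextEncoder().encode(json));
  return Array.from(new Uint8Array(hash), b => b.toString(16).padStart(2, '0')).join('');
}

// Ask a NIP-07 signer (window.nostr in the browser) to sign a draft, then check
// that what came back is the event we asked for. The app never sees the nsec.
async function signWithExtension(signer, draft) {
  const pubkey = await signer.getPublicKey();
  const signed = await signer.signEvent({ ...draft });
  const sameFields =
    signed.pubkey === pubkey &&
    signed.kind === draft.kind &&
    signed.created_at === draft.created_at &&
    signed.content === draft.content &&
    JSON.stringify(signed.tags) === JSON.stringify(draft.tags);
  if (!sameFields) throw new Error('signer returned a different event than requested');
  if (signed.id !== await eventId(signed)) throw new Error('event id does not match content');
  if (!/^[0-9a-f]{128}$/.test(signed.sig)) throw new Error('missing or malformed signature');
  return signed; // Schnorr verification of sig needs a secp256k1 library (not shown).
}

// Constructed stand-in for the extension so the example runs offline.
// The key stays inside this object; the sig is a placeholder, not a real signature.
function makeStubSigner(pubkey, tamper = false) {
  return {
    getPublicKey: async () => pubkey,
    signEvent: async (ev) => {
      const out = { ...ev, pubkey, content: tamper ? ev.content + '!' : ev.content };
      return { ...out, id: await eventId(out), sig: '0'.repeat(128) };
    },
  };
}

// Constructed sample draft: a group chat message with a hypothetical group id.
const SAMPLE_DRAFT = { kind: 9, created_at: 1700000000, tags: [['h', 'example-group']], content: 'hello' };
const SAMPLE_PUBKEY = 'ab'.repeat(32); // constructed 32-byte hex pubkey
```

In a browser with a NIP-07 extension installed, the call would be signWithExtension(window.nostr, draft).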

Relays and moderation

Nostrord uses NIP-29, where each group's administrators define the rules (who can join, who can post, which messages stay) and the relay enforces them. A group's security depends on both its administrators and the relay that hosts it. The relay is what technically makes the rules stick and, ultimately, may even stop hosting the group. Choose your relays carefully.

Responsible vulnerability disclosure

Found a security issue? Please do not open a public issue. Report it responsibly via a GitHub private security advisory. We'll respond as quickly as possible and coordinate a fix before any public disclosure.

Privacy

For information about data collection, relays, and content permanence, see our privacy policy.

Open source

All code is available on GitHub. All security mechanisms and client-side protections can be verified directly in the source.

Contact

For security questions, chat with us in the official Nostrord group or open an issue on GitHub.