Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.tangerine.exchange/llms.txt

Use this file to discover all available pages before exploring further.

Overview

Every trade on Tangerine is signed by a platform-specific key (an agent wallet for Hyperliquid, a Schnorr key for Lighter, an API signer for Aster). These keys live entirely in your browser — Tangerine’s servers never see them. The keys are protected by a 3-layer encrypted storage system designed so that even if one layer is compromised, your keys remain protected.

The 3-Layer Storage Architecture

Layer 1 — IndexedDB (Permanent)

The master copy of your encrypted keys is stored in IndexedDB, the browser’s permanent key-value store.
  • Contents: Encrypted trading keys (one per platform)
  • Encryption: AES-256, encrypted with a password derived from your wallet signature
  • Persistence: Survives browser restarts, tab closes, and computer reboots
  • Cleared by: Explicit browser storage clear, or resetting the platform in Tangerine settings
This is the source of truth. If the other layers are missing (e.g. after a restart), Tangerine re-derives the encryption password by prompting your wallet to sign again, then decrypts from IndexedDB.

Layer 2 — localStorage (Session Cache)

A decrypted copy of the keys is cached in localStorage with a 7-day TTL.
  • Contents: Decrypted trading keys
  • Encryption: None (decrypted for performance)
  • Persistence: Survives tab closes but expires after 7 days
  • Cleared by: TTL expiry, explicit localStorage clear, or browser private mode
This layer exists so Tangerine doesn’t need to ask your wallet to sign on every page load. After 7 days, you’ll sign once to re-populate this cache from the IndexedDB master.

Layer 3 — Memory (Runtime Only)

During an active trading session, keys are also held in memory for the fastest possible order signing.
  • Contents: Active signing keys
  • Encryption: None
  • Persistence: Tab session only — cleared when the tab is closed
  • Cleared by: Tab close, page navigation, browser crash
This layer is invisible to the user — it’s an optimization that allows microsecond-latency signing without any storage reads.

How Encryption Works

The encryption password is never stored anywhere. It’s derived on-demand:
  1. Tangerine constructs a deterministic signing message (the same message every time, tied to your wallet address)
  2. Your wallet signs this message
  3. The signature bytes are hashed to produce a 256-bit AES key
  4. This key is used to decrypt the IndexedDB entry
If an attacker steals your IndexedDB data without your wallet, they cannot decrypt the keys — they’d need your wallet signature to derive the encryption key.

What Tangerine Never Holds

  • Raw private keys (agent keys, Schnorr keys, API signers) are never sent to Tangerine’s servers
  • The encryption password (derived from your wallet signature) is never transmitted or stored
  • Your wallet’s private key or seed phrase — Tangerine only requests signatures, never the key itself
See Non-Custodial Architecture for a full breakdown of what Tangerine can and cannot do with your funds.