Security

How we keep your wallet and data safe.

Using Google Sign-in? Zero wallet interaction.

When you sign in with Google, no wallet extension is involved at all. There is no wallet prompt, no signature request, no browser extension access. You simply enter a Solana wallet address to monitor, the same public address anyone can look up on Solscan or Solana Explorer. DLMM Alert reads publicly available on-chain data for that address. Your Google account is used only for authentication, and notifications are delivered directly via Telegram Bot. It is completely impossible for the app to interact with your funds in any way.

Why Your Funds Are Safe

Connecting your wallet to DLMM Alert is as safe as viewing your wallet on Solscan. Here's exactly why.

We never request transaction approval

DLMM Alert never asks you to sign a transaction. Your wallet connection is read-only: we use the Solana Wallet Adapter standard library to read your public key and view on-chain positions. That's it. There is no smart contract, no token approval, no transfer instruction. It is technically impossible for this app to move, spend, or access your tokens.

No private keys, no seed phrases, ever

Your private key never leaves your wallet (Phantom, Solflare, Backpack, etc.). We only receive your public address, the same address anyone can look up on Solscan. We couldn't steal funds even if we wanted to, because we never have the key required to sign a transaction.

No smart contract interaction

Unlike most DeFi dApps, DLMM Alert does not deploy or interact with any smart contract. We read publicly available on-chain data (your DLMM positions) the same way any block explorer does. There is nothing to exploit, no approval to revoke.

Infrastructure & Trust

Built on the same battle-tested infrastructure used by the biggest names in Solana and beyond.

Solana Wallet Adapter

The same open-source wallet connection library used by Meteora, Jupiter, Raydium, Marinade, Tensor, and virtually every major Solana dApp. Developed and maintained by Solana Labs. Audited and battle-tested across billions of dollars in TVL.

Also used by: Meteora, Jupiter, Raydium, Marinade, Tensor, Magic Eden

Helius RPC

On-chain data is fetched through Helius, one of Solana's most trusted RPC providers. Helius powers infrastructure for top-tier protocols and processes billions of requests daily. All RPC keys are server-side only and never exposed to your browser.

Also used by: Jupiter, Tensor, Helium, DRiP, Crossmint

Meteora DLMM SDK

Position data comes directly from Meteora's official @meteora-ag/dlmm SDK and their public Data API. We read the same data you see on app.meteora.ag: bin ranges, active bins, unclaimed fees, and PnL. No custom smart contract calls.

Also used by: Meteora (official SDK)

Supabase Auth & Database

Authentication (Google OAuth and wallet sign-in) and data storage are handled by Supabase, built on PostgreSQL with Row Level Security (RLS) policies on every table. Data is encrypted at rest and in transit. Supabase is SOC 2 Type II compliant.

Also used by: 1Password, Mozilla, Pika, Humata AI

Telegram Bot

Notifications are delivered via a direct Telegram Bot. Alerts are opt-in and require no personal data beyond your Telegram username.

Widely used by Solana dApps for real-time alerts

Vercel

The app is hosted on Vercel, the platform behind Next.js. Automatic HTTPS, DDoS protection, edge caching, and SOC 2 compliance. Used by some of the largest web applications in the world.

Also used by: Washington Post, Under Armour, Nintendo, Notion

Security Measures

Technical security hardening applied across the application.

  • Security headers (CSP, X-Frame-Options, HSTS, Referrer-Policy) on every response
  • Rate limiting on all API endpoints to prevent abuse
  • Input validation and sanitization on all server-side routes
  • All API keys and RPC endpoints are server-side only, never exposed to the browser
  • Fetch timeouts on all external API calls to prevent resource exhaustion
  • Row Level Security (RLS) policies on every database table
  • No tracking, no analytics. We collect zero personal data beyond what you provide
  • Notifications route to your wallet only, no cross-user data leakage
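
The first item in the list above can be checked from outside by inspecting any response's headers. The following is an added example, not DLMM Alert's own code: the function names, the 180-day HSTS minimum, the accepted Referrer-Policy values, and the sample headers are all assumptions made for illustration.

```javascript
// Added example, not DLMM Alert's code. Thresholds and accepted values are assumptions.
const MIN_HSTS_SECONDS = 15552000; // 180 days, assumed minimum
const STRICT_REFERRER = new Set([
  "no-referrer", "same-origin", "strict-origin", "strict-origin-when-cross-origin",
]);

// Parse "name=value; flag" (HSTS) or "name src src; ..." (CSP) into a directive map.
function parseDirectives(value) {
  const map = new Map();
  for (const part of value.split(";")) {
    const m = part.trim().match(/^([^\s=]+)(?:[\s=]+(.*))?$/);
    if (!m) continue;
    const name = m[1].toLowerCase();
    if (!map.has(name)) map.set(name, (m[2] || "").trim()); // first occurrence wins
  }
  return map;
}

// Return a list of findings; an empty list means all four headers passed.
function auditSecurityHeaders(rawHeaders) {
  const h = new Map(Object.entries(rawHeaders).map(([k, v]) => [k.toLowerCase(), String(v)]));
  const findings = [];
  const csp = parseDirectives(h.get("content-security-policy") || "");
  if (csp.size === 0) findings.push("CSP: header missing or empty");
  else if (!csp.has("default-src") && !csp.has("script-src"))
    findings.push("CSP: no default-src or script-src directive");
  const xfo = (h.get("x-frame-options") || "").trim().toUpperCase();
  if (xfo !== "DENY" && xfo !== "SAMEORIGIN" && !csp.has("frame-ancestors"))
    findings.push("X-Frame-Options: not DENY/SAMEORIGIN and no CSP frame-ancestors");
  const hsts = parseDirectives(h.get("strict-transport-security") || "");
  const maxAge = Number((hsts.get("max-age") || "").replace(/"/g, ""));
  if (!hsts.has("max-age") || !Number.isInteger(maxAge) || maxAge < MIN_HSTS_SECONDS)
    findings.push("HSTS: max-age missing or below " + MIN_HSTS_SECONDS);
  // Several policies may be listed as fallbacks; this check looks at the last one.
  const referrer = (h.get("referrer-policy") || "").split(",").pop().trim().toLowerCase();
  if (!STRICT_REFERRER.has(referrer)) findings.push("Referrer-Policy: missing or permissive");
  return findings;
}

// Constructed sample responses (not captured from the live site).
const SAMPLE_GOOD = {
  "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
  "X-Frame-Options": "DENY",
  "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
  "Referrer-Policy": "strict-origin-when-cross-origin",
};
const SAMPLE_WEAK = { "Strict-Transport-Security": "max-age=300",
  "X-Frame-Options": "ALLOW-FROM https://example.com", "Referrer-Policy": "unsafe-url" };
console.log(auditSecurityHeaders(SAMPLE_GOOD), auditSecurityHeaders(SAMPLE_WEAK));
```

To run it against a real response, pass the header object your HTTP client returns for the page in place of the constructed samples.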