// faq
view keys · non-custodial · privacy-first · no kyc
You share a view key — a read-only key exported from your Monero wallet. It lets us detect incoming payments on your behalf, but gives us zero ability to spend. Funds go wallet-to-wallet. We are mathematically incapable of moving your money.
Every Monero wallet has two key pairs: a spend key (controls funds) and a view key (read-only). Export your secret view key from Cake Wallet, Feather Wallet, or the official Monero GUI. Your spend key never leaves your device.
Yes. Our checkout is server-rendered HTML with a meta-refresh tag for status polling. It works in Tor Browser Safest mode, Lynx, or any browser with JS completely disabled.
Yes. The checkout page is accessible via our .onion address. If you run a .onion store, buyers can complete the full payment flow within Tor — zero clearnet requests from their browser.
Any wallet that exports the secret view key: Cake Wallet (iOS/Android), Feather Wallet (desktop), or the official Monero GUI. Your wallet stays under your control at all times.
We use your view key to generate a unique subaddress for each order via monero-wallet-rpc. Each subaddress maps to exactly one order. We match incoming payments to orders by subaddress index — no ambiguity, no address reuse, ever.
We have a full step-by-step guide at lolipop.cash/get-xmr covering wallets, no-KYC swap services, and P2P options.
The fastest path if you have BTC or ETH: use Cake Wallet's built-in swap feature — converts directly to XMR in ~5 minutes with no account required.
For buying with cash or bank transfer: Haveno is a fully decentralised P2P exchange with no KYC requirements.
Free: up to 50 orders/month at no cost. Pro: $15/month + 1% of processed volume, up to 500 orders/month. Business: $49/month + 1% for unlimited orders. All plans billed in XMR at the current rate. Monthly order counts include every checkout you create (paid or not), reset on the UTC month boundary. Webhooks: Free gets one automatic retry after the first delivery attempt; Pro and Business get three retries and a webhook delivery log in the dashboard.
1% of your confirmed order USD value per month, calculated from our database — not from blockchain surveillance. We never watch the Monero chain for your transaction history.
Yes. Use our WordPress plugin (server-side) or call our API directly over Tor via SOCKS5 proxy. No JS required on your end. No clearnet requests from your buyers.
Orders with partial payment within the 30-minute window are flagged as underpaid and you receive a webhook notification. You decide how to handle it.
Monero transactions are irreversible — this is a feature. If you need to refund, send XMR from your own wallet. lolipop has no refund mechanism.
lolipop provides payment infrastructure only. We never see or store what you sell — only a reference string and a price. You are responsible for the legality of your sales in your jurisdiction.
No. Never. We self-host everything on privacy-first infrastructure.
No. Zero trackers on any page, including the buyer checkout. No cookies on the checkout page.
Nothing that identifies them. No IPs, no emails, no names. The order record contains only the product name and amount you sent us, plus the subaddress and tx ID once confirmed.
90 days from the order date, then automatically purged.
We're considering open-sourcing the checkout page and core payment library. Follow updates at lolipop.cash.
An attacker would see payment history (subaddresses and amounts) but could not steal funds. We hold view keys only — never spend keys. Your wallet remains entirely under your control.