Documentation
How Livybolt works
Livybolt is an accountless survey tool. You pay one Lightning invoice to create a survey, respondents answer for free, and every response is end-to-end encrypted to a key only you hold. There are no accounts, and the server can never read your data.
CLI reference →
The primary way to use Livybolt. Manages your keys, vault, payments, and decryption.
Dashboard guide →
Read-only browser access to your responses, paired from the CLI. Decrypts locally.
The model in one minute
Three roles, one server:
- You (the owner) pay to create a survey and hold the key that decrypts its responses. The CLI is built for you.
- Respondents open a public link and answer. No account, no payment, nothing readable server-side — their answers are sealed in their browser.
- The server is content-blind. It stores ciphertext and public keys, mints Lightning invoices, and verifies payments. It never holds anything that can decrypt a response.
Two keys, and why it matters
The thing that trips people up: there are two different keys, and only one of them encrypts anything.
| Key | Role | Encrypts responses? |
|---|---|---|
Identity key (livybolt id) | Locks your local vault file at rest. Never sent to the server. | No — local storage lock only |
| Per-survey key | Derived from your seed, one per survey. Its public half is the encryption_pubkey; its private half decrypts responses and signs your reads. | Yes — this is the one |
In the CLI, the per-survey key is derived from your seed automatically — the vault only records which index each survey used, so the key itself never needs storing and re-derives on demand (even after a fresh vault rebuild).
End-to-end encryption is mandatory. Livybolt has no plaintext path. Every survey is sealed to a key you control; there is no option to collect readable answers.