Self-hosted Monero point-of-sale — watch-only wallet, multi-device pairing (LAN / Tor / Tailscale), Mac desktop + Umbrel app. Free, open source, no signup, no KYC, no platform fees.
Maintainer: brainchainz / SirJamzAlot
brainchainz / SirJamzAlot also runs: Monero Superbrain A
Best evidence tier. Signup tested end-to-end by xmr.club curator — deposit + withdrawal + edge cases. No-KYC posture verified at retail volume. Last_verified within 12 months.
Full rubric + 7-step verification walkthrough at /methodology.
Monero Superpay is self-hosted Monero point-of-sale software with the security model done right: the device running the dashboard holds only a view-only wallet, never a spend key, so compromising the box leaks transaction history but never funds. Built by solo developer brainchainz (X: @SirJamzAlot), it lets a merchant accept native XMR across multiple terminals without a payment processor, a custodian, or any third party standing between them and their money.
Background. Accepting Monero as a merchant has historically meant either trusting a hosted payment processor (custodial, KYC-prone, a single point of failure) or assembling your own tooling. Superpay is the self-hosted answer: install it, define your products and pricing, attach a watch-only wallet, and pair phones or tablets as point-of-sale terminals. It offers two install paths — a native macOS desktop app or an Umbrel home-server app — so a small shop can run it on hardware it already owns.
Watch-only architecture (what you trust). This is the heart of the review. The host device is given only the wallet's public view key, never the private spend key. That means the PoS box can *watch* for incoming payments and confirm them, but it physically cannot move funds — the spendable wallet lives offline on the merchant's own hardware/seed. If an attacker compromises the dashboard, the worst they get is visibility into transaction history; the money is untouchable. This is exactly how Monero merchant tooling should be designed, and it's the single biggest reason for the grade: the trust you extend is bounded to "can see my sales," not "can take my money."
Operational specs. Set up products and pricing, pair an unlimited number of phones/tablets as terminals via QR code, and get real-time WebSocket confirmations the moment an XMR payment arrives — no manual checking, no refreshing. Two deployment options (macOS desktop or Umbrel) cover both a single-counter shop and a slightly larger multi-terminal setup. Because it watches your own view-only wallet, payments settle directly to you on-chain with no intermediary.
Philosophy. Superpay is sovereign merchant tooling: no processor, no custody, no KYC, no third party that can freeze or surveil your takings. The watch-only design is the philosophy made concrete — it refuses to hold the one thing (your spend key) whose compromise would actually hurt you, accepting only the minimum capability needed to do its job.
Grade rationale. Grade A reflects the correct, security-first watch-only architecture (funds safe even if the box is fully compromised), genuine self-hosting with no custodian, multi-terminal support with live confirmations, and an identifiable solo developer shipping useful open tooling. It sits at A rather than higher because it's a single-developer project and self-hosting carries its own operational burden — verify the source and run it deliberately.
Useful when you're a merchant — physical shop, market stall, café, or event — who wants to take native Monero across one or several terminals without surrendering custody or onboarding a processor. It's also a clean fit for anyone who wants payment acceptance that no third party can freeze, censor, or KYC. Pair it with a hardware/offline spend wallet for the matching cold-storage side.
Caveats. As a solo-developer project, treat source verification and maintenance status as part of due diligence before taking real payments through it. Self-hosting means *you* own uptime, backups, and the node it watches against. One privacy nuance worth understanding: the view key on the host device exposes your incoming transaction history to anyone who compromises the box — funds are safe, but sales visibility is not, so secure the host accordingly. It's XMR-denominated with no built-in fiat conversion, so price your products with exchange-rate movement in mind.
Free + open source. No platform fees. Merchant pays only on-chain XMR fee (~$0.0002).
Sourced from operator pages — verify identity via more than one channel before trusting time-sensitive instructions.
.onion mirror listed 2026-05-24 (<90d) No community reviews yet. Be the first below.
Honest, brand-neutral feedback welcome. A curator approves before it appears here. No JS required.
Silence censorship. Protect your privacy and bypass restrictions with Xeovo VPN. No email required.
Long-running no-KYC aggregator. XMR-friendly, Tor mirror, broad coin support.
Mobile + desktop multi-coin wallet (XMR, BTC, LTC, ETH) with in-app swap + CakePay.
Non-custodial cross-chain swap router with refund-on-refusal AML policy and multi-destination split swaps. No
Two-year-old no-account instant swap — in-house test swap settled in 3 minutes (0–1 conf), Trocador A privacy