Primal Wallet

Wallets24 min readPrimal social wallet, zaps, Spark custody model and Nostr Wallet Connect

Primal Wallet

Primal Wallet sits inside one of Nostr's most visible social clients and turns zaps, app connections and everyday Bitcoin payments into part of the timeline.

The wallet inside the Primal client

Primal Wallet is easiest to understand if you already know Primal as a Nostr client. Primal is a social app for reading, posting, discovering people, playing media, reading long-form notes and moving through Nostr with a polished mobile and web interface. The wallet is not bolted on as a separate side business. It sits in the same product where people follow accounts, read feeds and send zaps.

That matters because Nostr payments rarely happen in an empty room. They usually happen around a post, a profile, a live conversation, a long-form article, a recommendation or a creator relationship. Primal Wallet is built for that setting. The user does not leave the app, copy an invoice, open a second wallet, approve a payment and return to the feed every time a small payment is needed. The wallet is meant to make that loop feel native.

The result is powerful and easy to misunderstand. Primal Wallet is part wallet, part social payment tool, part NWC service and part onboarding bridge. It serves ordinary Primal users who want to zap from the timeline. It also serves people who want Primal to act as the wallet behind other Nostr apps. Those are related jobs, but they create different trust, privacy and reliability questions.

Why Primal needed a wallet at all

A Nostr client without payments can still be useful. It can show notes, follows, replies, media and articles. But Nostr culture quickly turned zaps into a central behavior: small bitcoin payments attached to profiles and posts. A client that wants to feel complete needs to answer a simple question: what happens when the reader wants to send sats now?

Primal answered by putting a wallet inside the client. The App Store listing describes Primal as next-generation social media powered by Nostr and Bitcoin, with a built-in wallet beside feeds, media playback, long-form articles, content discovery and search. Google Play says the same kind of thing in mobile-store language: easy onboarding, rich feeds, bitcoin wallet and discovery in one app.

The wallet therefore is not only a feature checkbox. It changes the product's center of gravity. Primal is not merely a window into Nostr events. It tries to be a place where the user can read, respond, find people and pay without switching mental contexts. That is why the wallet deserves its own article even though Primal also has a broader app profile.

From custodial convenience to self-custodial responsibility

Primal's wallet history is important because it explains the tradeoff the team has been working through. The Breez case study says Primal launched in 2023 with a custodial wallet. That was not framed as the philosophical ideal. It was a practical answer to a hard product problem: the app needed instant payments, low friction and a reliable experience at a time when a polished non-custodial option for that exact use case was not ready.

Custodial wallets make onboarding easier. The user does not need to manage channels, liquidity, backups or node state. The cost is obvious: an intermediary sits between the user and the money. Custody can introduce limits, regional restrictions, compliance pressure, account risk and a dependency on the operator. For a Nostr client, that dependency is awkward because the broader Nostr promise is portable identity and user control.

The newer story is Primal's move toward self-custodial wallet infrastructure using Breez SDK - Spark. Breez's case study describes the problem plainly: Primal wanted to remove the custodial intermediary without making the wallet feel slow or complicated. That is the heart of the Primal Wallet question. The best version of the wallet gives users the speed of an in-app balance while moving custody closer to the user.

Spark is the current custody clue

Breez SDK - Spark is the clearest public clue about the current Primal Wallet architecture. Breez describes the SDK as a way to integrate instant, non-custodial bitcoin payments, with support for Lightning-style sending and receiving, LNURL-pay, Lightning addresses, BOLT11 invoices, on-chain bitcoin addresses and Spark addresses. The important phrase for a normal user is not the protocol list. It is that the keys are meant to be held by users.

Spark changes the way a mobile social wallet can feel. A normal Lightning wallet can burden the user with liquidity, channel management and online availability. A custodial wallet hides those problems by giving them to the operator. Spark-based wallet infrastructure aims for another path: fast payments, recovery and multi-device support while preserving a stronger user-control model than a simple hosted balance.

Readers should still be precise. Self-custodial does not mean risk-free, and it does not make every server dependency vanish. It means the custody model and recovery model should be materially different from a hosted account. The user should know where seed words or recovery material live, how backup works, how to restore the wallet, what happens on a lost phone and which services are still needed for routing, synchronization and wallet operation.

What the public apps show

The store records show an active product rather than an abandoned experiment. Apple's listing for Primal names Primal Systems Incorporated as the seller, places the app in Social Networking and describes a built-in wallet, rich feeds, media playback, long-form articles, discovery and Remote Login for compatible Nostr apps. When checked on June 11, 2026, Apple's API listed version 3.0.61 with recent wallet fixes.

Google Play lists Primal by PRIMAL SYSTEMS INC., with in-app purchases, tens of thousands of downloads and recent updates. The Play description focuses on easy onboarding, smooth rich feeds, a built-in bitcoin wallet and discovery. Store listings are marketing surfaces, but they are still useful. They show which claims the operator is willing to place in front of mainstream mobile users.

The public repositories add a second view. Primal publishes the web app, Android app, iOS app and server code on GitHub under the PrimalHQ organization. The repositories are active, written in TypeScript, Kotlin, Swift and Julia, and carry MIT licensing. That public code does not remove every trust question, especially around operated services, but it lets readers inspect the wallet and NWC behavior far more deeply than a closed mobile wallet would.

Zaps are the everyday wallet action

For many users, Primal Wallet first appears as a zap wallet. A zap is a Lightning payment attached to a Nostr action, usually a post or profile. NIP-57 defines the zap flow, and clients like Primal make it feel like a social reaction with money behind it. This is not a large-payment workflow. It is the small-money internet: thank a writer, signal appreciation, support a creator, or participate in a community norm.

That is why wallet latency and friction matter so much. If a zap takes too long, asks for too many context switches or fails often, users stop treating it like a native social action. The wallet has to be quick enough that a small payment feels reasonable, but careful enough that the user does not accidentally grant broad spending power to the wrong app.

Primal's wallet work sits exactly in that tension. The user wants zaps to be smooth from the feed. The same user also needs real controls: wallet backup, visible balance, app connection management, spending limits and revocation. A social payment wallet is successful only when it makes small payments easy without making money feel invisible.

Nostr Wallet Connect makes the wallet useful outside Primal

Nostr Wallet Connect, defined by NIP-47, lets an app ask a wallet to perform payment-related actions over Nostr relays. The app and wallet do not need to be the same product. A note client, live-streaming app, publishing tool or game can ask a connected wallet to pay an invoice, make a zap or check payment state, depending on the wallet's permissions.

Primal Wallet is important because it can be the wallet in that relationship. Primal's iOS settings text says users can connect Primal Wallet to other Nostr apps via Nostr Wallet Connect to enable zapping and payments. The iOS flow lets a user create a new wallet connection, name the app, choose a daily budget and revoke access later. That is the kind of control NWC needs to be safe enough for ordinary people.

The Android code shows the same theme at a larger scale. It models NWC wallets and connections, supports wallet capabilities, stores connection data, handles NWC requests, can start a wallet service and includes audit log export paths. Those details matter. NWC is not just a QR code. It is a permission relationship that should be visible, limited, revocable and inspectable.

Daily budgets are not decoration

Primal's iOS source is unusually helpful because it shows the spending limits as product behavior. The new NWC connection screen offers daily budget choices such as 1,000 sats, 10,000 sats, 100,000 sats, 1,000,000 sats and no limit. The default visible path is conservative enough for small zaps while still making larger app usage possible if the user intentionally chooses it.

That matters because an NWC connection can outlive the moment when it was created. A user might connect a wallet to a new client, test it once, forget it exists and keep using the wallet for months. Without budgets and revocation, that forgotten connection becomes a quiet risk. With budgets, the worst daily damage can be bounded. With revocation, old access can be removed.

Readers should use those controls. Name each connection clearly. Keep daily budgets small for apps that only need zaps. Avoid no-limit connections unless the app is trusted, actively used and understood. Review the connected apps list periodically. Revoke anything stale. The safest NWC setup is not the one with the most features; it is the one whose permissions still match real use.

The wallet service is a real reliability issue

Mobile wallets have a hard job when other apps expect them to respond. A NWC wallet may need to receive requests, approve payments, send responses and track state while the user is not staring at the wallet screen. Primal's iOS settings mention auto-starting the wallet service and say background operation helps it run reliably. The Android code also contains a Primal NWC service and session handling.

That is not a minor implementation note. It is the difference between a wallet that looks connected and a wallet that actually answers when another app asks for a payment. Phone operating systems restrict background work. Battery optimization can pause services. Network changes can break sessions. A user may think NWC is broken when the real problem is that the wallet service was asleep.

Before relying on Primal Wallet as the backend for another app, test the boring cases. Connect an app, send a tiny zap, lock the phone, wait, try again, switch networks, restart the app and review the request history. A wallet that works only while the settings screen is open is not enough for real use. Primal's service controls exist because background reliability is part of the wallet.

Primal Web can also use external wallets

Primal's web app is not limited to Primal Wallet as the only payment source. The web source includes settings for connecting an external wallet that supports Nostr Wallet Connect. The interface asks for a wallet name and a NWC connection string, then stores the connection for zapping from the Primal web app.

That is an important distinction. Primal Wallet can serve other apps, and Primal Web can also be a client of another wallet. The same protocol can point in both directions. A user might use Primal Wallet on mobile as their NWC service, or they might use Alby Hub, Coinos, LNbits, Zeus or another NWC wallet as the backend for Primal Web. The right setup depends on custody, reliability and device habits.

The reader should not collapse all of this into one vague phrase like wallet support. Ask which role Primal is playing. Is Primal the social app asking for payment approval from another wallet? Is Primal Wallet the wallet serving another app? Is the active wallet a Primal-managed wallet or an imported NWC connection? Each role has different failure modes.

Remote Login is adjacent, not the same thing

Primal's store description also mentions Remote Login, where Primal can authorize activity in compatible Nostr apps. That belongs to the identity and signing side of Nostr, not directly to the wallet side. It is still relevant because users often experience these features together: one app, one profile, one approval flow, one set of permissions.

Nostr has separate problems that can feel similar to a newcomer. A signer approves social events. A wallet approves payments. A Remote Login or remote signing flow can let a user use one Nostr identity across apps without typing a private key into every website. Nostr Wallet Connect can let apps request payments without holding wallet credentials. Both are about delegation, but the assets at risk are different.

Primal's strength is that it brings these ideas into a polished client. The risk is that polish can hide distinctions. A reader should know whether they are approving a post, a profile action, a login, a zap or an invoice payment. The right mental model is not one giant permission bucket. It is separate capabilities with separate consequences.

What Android reveals about recovery

The Android code gives useful clues about Primal's self-custodial wallet path. The Spark wallet manager initializes wallets from seed words, handles disconnecting wallet instances and exposes balance and unclaimed deposit flows. The restore use case initializes a Spark wallet from seed words, persists recovery material, registers the wallet, ensures wallet account information exists, marks the wallet as backed up and sets it active.

That source-level behavior is reassuring in one way: recovery is a first-class flow, not an afterthought. It also tells the user what to care about. If a wallet is recoverable by seed words, then the seed words are the wallet. Losing them can be fatal. Exposing them carelessly can be fatal in the other direction. A social app can make money feel light, but the recovery material remains serious.

The practical check is simple. Before keeping meaningful value in Primal Wallet, confirm that the wallet is backed up, understand how the seed words are stored or shown, know how to restore on a new device and test with a small amount if the app provides a safe path. Do not wait until the phone is lost to learn what the recovery screen really meant.

The server side still matters

A self-custodial wallet can still depend on operated services. Primal's public web code references a wallet service endpoint for checking active Primal wallet state and creating NWC connections. The server repository covers membership, discovery and media caching work in the broader Primal stack. Breez SDK - Spark also has its own service architecture and documentation.

This is normal for a modern mobile wallet, but it should be visible to the reader. The custody question is not the only question. There is also uptime, request routing, relay connectivity, synchronization, notification delivery, fee behavior, invoice resolution and app-store distribution. A wallet can protect keys better than a custodial account and still be unpleasant if the service layer is unreliable.

That is why serious users separate custody from availability. Ask who can move the funds, but also ask what has to be online for the wallet to work. Ask whether the app can recover if Primal's service is temporarily unavailable. Ask whether connected apps fail gracefully. The answer may be acceptable, but it should not be invisible.

Privacy is more than the Nostr identity

Primal Wallet lives inside a social app. That means payment behavior can sit near social behavior: follows, posts, replies, long-form reading, media, searches, creator relationships and wallet connections. Nostr makes identity portable, but it does not magically make every action private. A zap can be public, relational and durable in ways that normal card payments are not.

The Play Store data-safety section says Primal may collect categories such as personal information and photos or videos, says data is encrypted in transit and says deletion can be requested. Store disclosures are broad and imperfect, but they remind the reader that the mobile app has more surfaces than the wallet alone. The public client code is useful, yet the user still interacts with app distribution, services and account-level product choices.

Good wallet privacy starts with small habits. Keep public zaps separate from private payments. Use budgets that fit the app. Avoid connecting the same wallet to every experiment. Review old NWC permissions. Understand that a social payment can say who you read, who you support and when you were active. The wallet is convenient because it is social; the same fact makes privacy more subtle.

What to check before using Primal Wallet

Begin with version and backup. Update the app from the store or the official repository path you trust. Open the wallet settings. Confirm whether the wallet is active, backed up and recoverable. If the app shows seed words or recovery guidance, treat that step as part of the setup, not optional paperwork.

Then check connections. If you use Primal Wallet with other Nostr apps, review the NWC connection list. Each app should have a recognizable name and a sensible daily budget. Revoke old tests, unknown apps and anything that no longer serves a purpose. If a connection needs a high limit, make sure you know why.

Finally test payment paths with small amounts. Send a small zap from Primal. Connect Primal Web to an external wallet if that is your setup. Connect a third-party app to Primal Wallet if that is your setup. Lock the phone and try again. Export or inspect logs if something fails. Do not turn a new wallet path into infrastructure until it survives ordinary use.

Who Primal Wallet is for

Primal Wallet is strongest for people who already live in Primal. If your Nostr reading, posting and discovery happen there, the wallet reduces friction in the place where you actually want to zap. It also makes sense for users who want one polished mobile client to handle social Nostr and a controlled NWC wallet relationship with other apps.

It is not the only sensible wallet choice. Alby Hub may be better for a browser-heavy or self-hosted NWC setup. LNbits may fit a server operator. Coinos may fit a hosted payment account. Zeus may fit a node operator. Cashu wallets may fit ecash experiments. Primal Wallet's advantage is the social-client integration, not universal superiority.

That distinction keeps expectations healthy. Use Primal Wallet if the integration, mobile app and Primal identity layer are valuable to you. Use another NWC wallet if you need a different custody model, backend, node connection, service profile or administrative control. Nostr payments are getting interesting precisely because the wallet no longer has to be the same product as the app.

The durable lesson

Primal Wallet shows where Nostr payments are heading. The interesting part is not only that a social app has a wallet. Many apps can add a balance. The interesting part is that Primal is trying to combine social zaps, self-custodial infrastructure, NWC permissions, mobile wallet services, recovery and external wallet support in one everyday client.

That combination is still demanding. A wallet inside a social app must be fast, understandable, recoverable and permission-aware. It must work when another app asks for a payment. It must make small zaps feel natural without making spending authority feel casual. It must keep enough of the technical reality visible that users can make informed choices.

For readers, Primal Wallet deserves attention and careful use. It is one of the most important wallet surfaces in the Nostr app ecosystem because it lives where many users already read and interact. Treat it as a serious payment tool, back it up, limit connections, test it with small amounts and let the convenience earn trust through repeated boring success.

Sources worth opening

Open Primal itself, the iOS and Android store listings, Primal's public code repositories, the Breez SDK - Spark case study, Spark documentation, NWC and NIP references, and the source files where Primal handles wallet connections, budgets, services and recovery.

• Primal official site
• Primal on the App Store
• Primal on Google Play
• PrimalHQ GitHub organization
• Primal web app repository
• Primal Android app repository
• Primal iOS app repository
• Primal server repository
• Breez SDK Primal case study
• Breez SDK - Spark documentation
• Breez SDK - Spark GitHub repository
• Spark official site
• Build on Spark
• Nostr Wallet Connect site
• NIP-47 Nostr Wallet Connect
• NIP-57 Lightning zaps
• NIP-46 Nostr remote signing
• NIP-07 browser signer capability
• No Bullshit Bitcoin on Primal v2.1 NWC support
• Primal web wallet helper source
• Primal web Nostr Wallet Connect settings source
• Primal iOS NWC settings source
• Primal iOS new NWC connection source
• Primal iOS NWC deep link handler
• Primal iOS AppDelegate wallet setup
• Primal Android Spark wallet manager
• Primal Android restore Spark wallet use case
• Primal Android NWC repository
• Primal Android Primal wallet NWC repository
• Primal Android NWC request log model
• Primal Android NWC CSV log exporter
• Primal Android wallet settings screen
• Primal Android wallet settings view model
• Primal Android NWC parser
• Primal Android connect NWC use case
• Primal Android wallet capability model
• Apple iTunes lookup for Primal app metadata