Security model

Vault-grade by default

FortFi is the secure on-chain account for the AI era: passkey multisig, TEE enclave custody, policy-gated execution, and an immutable audit trail. Hold, send, swap, and bridge on Base, Ethereum, Solana, BNB Chain, and Hyperliquid, and more, all under one security model.

No single point of failure

Every FortFi account is a vault, not a hot wallet. Signing keys live in hardened TEE infrastructure via Turnkey; they are never stored on ordinary app servers or exposed as seed phrases in the UI. New wallets use dual authorization: your passkey plus FortFi's co-signer after policy checks pass.

A stolen passkey alone cannot complete a payout FortFi refuses. FortFi cannot move funds without your device approval. Add one or more co-signers with configurable approval thresholds for real multisig as a service, on your own accounts and on the agents you authorize. Lose a device and a backup passkey restores access, so there is no seed phrase to lose and no single key that can lose it all.

Custody powered by Turnkey

FortFi does not roll its own key custody. Signing runs on Turnkey, a battle-tested industry leader in secure wallet infrastructure. Private keys are generated and used only inside hardened secure enclaves (TEEs), so raw key material is never exposed to FortFi servers, to your browser, or to anyone, including us.

Every signature is gated by your passkey and FortFi's policy engine before Turnkey will sign. You get enclave-grade key security and FortFi's controls on top, without trusting a single company, server, or device with the keys to your wealth.

Policy before execution

Every money-moving action is an ActionIntent: policy check → fee disclosure → your explicit confirmation → execution → audit log. Trusted recipients, spend limits, and cooling-off rules apply before funds route. No silent transfers. No blind signing.

See the full stack diagram and ActionIntent flow on Architecture.

AI works for you, it never holds the keys

FortFi Assist (chat and voice) drafts sends, swaps, and bridges. It creates intents only: policy must pass and you approve with your passkey before anything settles.

Autonomous agents go a step further over MCP. They can act on your behalf, but only inside the policy you set: allowlisted recipients, per-transaction and daily limits, and co-signer thresholds. An agent uses a scoped API key, never your signing keys, and cannot loosen a single rule without a fresh signature from your funding wallet. You delegate a budget, not control.

Same discipline for swaps and bridges

Same-chain swaps, limit orders, and cross-chain routes use the same review-and-sign flow as sends. Quotes, protocol fees, and destinations are shown before you sign. Integrator fees (when enabled) are disclosed in the review step. They do not require a separate passkey approval beyond your swap or send confirmation.

What we do not do

  • We do not hold your private keys on app servers

    Turnkey enclaves sign on your behalf only after you and policy authorize.

  • We do not allow sends to unknown addresses

    Allowlisted recipients and policy checks are enforced before payout.

  • We do not let AI move money outside your rules

    Assist only proposes; humans approve. Agents may act autonomously, but only within your allowlists, limits, and co-signer thresholds, and can never change those rules without a wallet signature.

  • We do not hide fees

    Network, protocol, and FortFi fees (when applicable) are surfaced before you sign.

  • We sponsor gas where we can

    On supported networks (Base, BNB Chain, Ethereum, Polygon, Arbitrum, Gnosis, and Solana mainnet), Turnkey gas sponsorship helps you send and swap without pre-funding native tokens for fees. Availability may vary by network and account during alpha.

Session timeout

FortFi signs you out automatically after 10 minutes without activity in the browser, similar to a banking app. Leaving a tab open in the background still counts as idle once the timer elapses. Sign in again with your passkey to continue.

Contact & official email

Support: [email protected].

Official support for FortFi LLC is [email protected]. Automated FortFi messages (alpha invites, co-signer alerts, security notices) are sent from [email protected] only. We never ask for your passkey, seed phrase, or transfer codes by email.

Who built this

Built by a staff engineer who has shipped wallet and payments infrastructure at Coinbase, Polygon, HSBC, and Goldman Sachs, and who was personally drained twice for roughly $100k by the old wallet-security model.