Continuity & recovery

If FortFi goes away, your funds are still yours

FortFi adds policy, co-signers, and audit — not custody. Your assets settle on public blockchains. Your signing keys live in Turnkey's TEE infrastructure. This page is the public runbook for what that means if FortFi is down, winds down, or you choose to leave.

The short answer

Your everyday continuity path is a backup passkey on a second device — no seed phrase required. If FortFi disappears, your on-chain balances and Turnkey keys remain yours. You can still sign in (directly or via a claimed agent link) and complete a passkey-gated export from Security. FortFi's allowlists, limits, and co-signers protect you while you use FortFi; they do not lock your keys inside our app.

Step-by-step recovery

  1. Register a backup passkey now. In Security, add a second device. This is the path we design for — you keep FortFi's policy layer without managing seed phrases.
  2. If you need to leave FortFi: open Security → Export your keys. Turnkey reveals key material in a secure browser iframe after passkey verification. FortFi never sees it. Only use this if you plan to operate outside FortFi's controls entirely.
  3. Verify on-chain. Your vault addresses and balances are visible on public block explorers — they do not depend on FortFi staying online.
  4. Revoke agent access. If you used MCP or API keys, rotate or revoke them when you leave. Agent keys cannot export root keys, but they can act within the policy you granted until revoked.

What stays vs what goes

  • Yours forever (on-chain + Turnkey)

    Token balances on public chains, wallet addresses, and the ability to export signing keys via passkey-gated Turnkey export.

  • FortFi-specific (does not travel with export)

    Allowlists, spend limits, co-signer policies, audit log UI, Assist history, and agent MCP configuration.

  • After export

    You operate outside FortFi's policy layer. Exported key material has no allowlist or co-sign gate — treat it like a hot wallet.

Agent wallets

Agents do not hold your root keys. They use scoped MCP API credentials to act inside caps you define. There is no MCP export tool — key export requires passkey verification in the FortFi web UI (Turnkey iframe). An agent API key cannot reveal seed material.

If you provided a contactEmail at onboard, claim the agent to your human FortFi account (use the claim email, or resend_claim_link from MCP). Once claimed, sign in with your passkey and export from Security like any other vault.

If FortFi disappears: funds remain in the agent vaults. Revoke API keys while you still can — or they simply stop working. Recovery is through the linked human account's passkey + export flow, not through the agent key.

Proactive checklist

  • Register a backup passkey

    Losing one device should not lock you out while FortFi is still running.

  • Know your vault addresses

    You can verify balances on-chain explorers without FortFi.

  • Claim agent accounts you own

    If you onboarded agents with contactEmail, link them to your human account before you need emergency access.

  • Document co-signers

    If you use multisig thresholds, ensure co-signers know their role if you migrate off FortFi.

Need help?

Email [email protected] for continuity questions. We will not ask for exported key material — ever.