Back

How custody works

Plain language. Read this before you fund a wallet.

Where your keys live, by chain

EVM
Base · Ethereum · Optimism · Arbitrum · Polygon · BNB

Your private key is generated by Privy MPC: split into shares, with Privy holding one share and CoinVoyage holding another. Neither party can sign for you alone. You authorize CoinVoyage to sign on your behalf via Privy's delegated session signers, which CoinVoyage can revoke at any time.

Solana
Mainnet-beta

Same Privy MPC model as EVM.

Sui
Mainnet

CoinVoyage holds an Ed25519 keypair on your behalf, encrypted at rest with a server-side master key under CoinVoyage's control. This is a temporary state until Privy publishes a Sui signer in their server SDK. You can export this key at any time from Settings → Export Keys.

How signing works

  • You initiate a swap by talking to the agent — "Pay Alice 10 USDC from base", "swap $25 to ETH on optimism."
  • The agent shows you the quote — source amount, destination amount, slippage, route, fees. You confirm.
  • CoinVoyage signs the transaction with its share (EVM/Solana) or its bot-managed key (Sui) and submits to the chain. The transaction hash and outcome land in your chat within seconds.
  • You can revoke delegation at any time from /revoke. After revoke, CoinVoyage cannot sign anything on your behalf until you re-authorize.

What CoinVoyage CAN do

  • Sign swap and payment transactions you request
  • Read your wallet balance on any supported chain
  • Settle x402 payments at HTTP endpoints you instruct
  • Store an encrypted Sui keypair on your behalf (until Privy ships Sui signing)

What CoinVoyage CANNOT do

  • Sign anything for EVM or Solana without Privy's other key share
  • Move funds without your explicit confirmation in chat
  • Sell crypto for fiat (not supported in this app)
  • Buy crypto with fiat (not supported in this app — fund externally)

Risks you accept by using CoinVoyage

  • Custodial risk on Sui: CoinVoyage holds your encrypted Sui key. A breach of CoinVoyage's master key would expose Sui balances of every user. Mitigated by encryption-at- rest with server-side master key; eliminated when Privy ships Sui signing.
  • Smart-contract risk on every chain: swaps route through Uniswap, Aerodrome, Jupiter, Cetus, and others. A bug in any of these is outside our control.
  • Stable-coin de-peg risk: USDC is issued by Circle. We do not control Circle's operations.
  • No insurance: your funds are not FDIC-insured, not SIPC-insured, not covered by any custody insurance product. Use at your own risk.

Operator entity and geographic restrictions

CoinVoyage is operated by CoinVoyage Inc, a corporation organized under the laws of Nevada, United States.

We restrict access from specific U.S. states where we are not (yet) authorized to operate, and from any jurisdiction subject to comprehensive U.S. sanctions or otherwise restricted under applicable law. Restrictions are determined by IP address and account-claimed location at sign-up and may be updated as our state-level registrations and counsel guidance evolve. If you're in a restricted location, the app will refuse to provision a wallet. See the live list at restricted locations or email legal@coinvoyage.io.

Changes to custody over time

Our custody stack may evolve as our infrastructure providers release new capabilities — for example, when Privy ships native Sui signing, the encrypted Sui keypair model described above goes away and Sui moves to the same MPC pattern as EVM and Solana.

If we ever change our custody model in a way that materially affects user keys, we will update this page at least 14 days before the change takes effect and notify you in-app and via email so you can review or export before the change applies.

Questions or concerns

Email support@coinvoyage.io with anything about custody, key handling, or risk you want to understand before using the app.