Privy’s wallet system provides a layered control model that defines who can authorize actions and how wallets behave. These controls are built into the architecture of Privy wallets and help teams design secure, predictable flows without adding friction for users.
Privy wallets are designed with security at their core. Our approach uses a combination of key splitting (Shamir’s secret sharing) and private key reconstitution in secure execution environments to ensure that only authorized parties can access their wallets. Wallets remain fully non-custodial and users ultimately have full control over their assets.
Privy’s control model allows you to specify exactly who can approve different types of actions. Quorums can include users, authorization keys, or both, enabling patterns such as:
User-controlled wallets: The user approves everything.
Delegated permissions: Users grant limited, scoped authorization to the application.
Application-managed control: Services approve operational actions under strict policies.
Shared control: Multiple parties must sign off on sensitive operations.
These configurations allow you to align wallet ownership with your product’s risk and UX requirements.
Policies define the actions a wallet is allowed to take. They operate as guardrails enforced at the key level, ensuring wallets behave only as your application intends. Policy controls include:
Transaction limits: Set maximum amounts that can be transferred.
Approved destinations: Specify recipients where funds can be sent.
Contract interactions: Control which smart contracts can be used.
Action parameters: Define what specific operations are permitted.
Policies help protect users and applications by preventing unauthorized or unintended actions, making them essential for features like payment subscriptions, trading limits, or scheduled transactions.
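The following added example, which is not Privy's code, API, or policy schema, sketches how a quorum check and the four policy controls listed above can be combined into a single deny-by-default authorization decision. All class, field, and identifier names are hypothetical, and approvals are assumed to have had their signatures verified before reaching this function.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical model: all names are illustrative, not Privy's policy schema.
@dataclass(frozen=True)
class Policy:
    max_amount: int                  # transaction limit, smallest currency unit
    allowed_destinations: frozenset  # approved recipients
    allowed_contracts: frozenset     # smart contracts the wallet may call
    allowed_actions: frozenset       # permitted operations

@dataclass(frozen=True)
class Quorum:
    members: frozenset               # user ids and/or authorization key ids
    threshold: int                   # approvals required from members

@dataclass(frozen=True)
class Request:
    action: str
    amount: int
    destination: str
    approvals: frozenset             # ids assumed to be signature-verified upstream
    contract: Optional[str] = None

def authorize(req: Request, policy: Policy, quorum: Quorum):
    """Deny by default: return (allowed, reason); every check must pass."""
    valid = req.approvals & quorum.members  # approvals from non-members are ignored
    if len(valid) < quorum.threshold:
        return False, "quorum not met"
    if req.action not in policy.allowed_actions:
        return False, "action not permitted"
    if not 0 < req.amount <= policy.max_amount:
        return False, "amount outside limit"
    if req.destination not in policy.allowed_destinations:
        return False, "destination not approved"
    if req.contract is not None and req.contract not in policy.allowed_contracts:
        return False, "contract not approved"
    return True, "ok"

# Constructed sample: shared control (user plus app key) for a subscription payment.
POLICY = Policy(5000, frozenset({"merchant-addr"}), frozenset({"token-contract"}),
                frozenset({"transfer"}))
QUORUM = Quorum(frozenset({"user-1", "app-key-1"}), threshold=2)
OK = Request("transfer", 2500, "merchant-addr", frozenset({"user-1", "app-key-1"}),
             "token-contract")
```

Checking the quorum before the policy means a request without enough valid approvals is rejected without revealing which policy rule it would have hit.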
To learn more about implementing specific controls and policies for your application, explore our detailed documentation on wallet policies and controls.