# Security & Trust

Qwerti is built as a **non-custodial DeFi Aggregator**.\
We help you route and execute transactions across different chains and providers, but we never take control of your funds or private keys.

This page explains how Qwerti works from a security perspective, what we **do** and **do not** do, and how we choose the providers we integrate with.

***

### 1. Non-Custodial by Design

Qwerti is **not a wallet**, **not a custodial exchange**, and **not a bank**.

* We **do not hold your assets**.
* We **do not store or see your private keys**.
* We **do not execute transactions on your behalf** without your explicit confirmation.

All funds stay in:

* your **own wallet**, or
* a **smart / embedded wallet** managed by a trusted wallet provider (for example, via Privy or similar services).

Qwerti is a UX and routing layer on top of existing wallets and protocols.

***

### 2. Wallets & Private Keys

#### 2.1 Your Own Wallets

When you connect a wallet (e.g. browser or mobile wallet):

* Qwerti gets **read-only access** to:
  * your public address
  * your balances on supported chains
* Qwerti **cannot**:
  * see your private key or seed phrase
  * move your funds without your transaction approval
  * sign anything on your behalf

Every transaction you make through Qwerti must be:

* **built** by our routing logic
* and **explicitly approved** in your wallet (or embedded wallet interface).

If you don’t sign, nothing happens.

***

#### 2.2 Embedded / Smart Wallets

If you choose to use an embedded / smart wallet:

* The wallet is provided and secured by a specialized **wallet infrastructure provider** (e.g. Privy).
* Qwerti integrates this provider in the interface, but:
  * we do **not** generate or store your private keys
  * we do **not** have direct access to your wallet
  * we cannot sign or send transactions without your confirmation.

From a security perspective:

* Your login (social, email, etc.) is used by the wallet provider to manage access to your wallet.
* Qwerti acts as the **frontend and routing logic**, while the underlying wallet infrastructure handles key management using its own security model.

***

### 3. Transaction Approvals

Qwerti **never** pushes transactions to the blockchain without your explicit action.

For every transaction, you will:

1. See a **summary of the route** in the Qwerti interface:
   * source chain & token
   * target chain & token
   * estimated output amount
   * fees and providers involved (where applicable)
2. Be asked to **confirm the transaction** in:
   * your own wallet, or
   * your embedded / smart wallet interface, or
   * the fiat on-ramp provider UI (for card payments).

Only after you:

* review
* and confirm / sign

does the transaction go on-chain or proceed via the fiat provider.

If you close the page or reject the request in your wallet, the transaction is not executed.

***

### 4. What Qwerti Does and Does Not Do

#### 4.1 What Qwerti Does

* Builds **routes** across:
  * DEX aggregators
  * bridges
  * fiat on-ramps
* Provides a **single UX** for:
  * swap with crypto
  * buy with card
  * bridge + swap flows
* Connects to your wallet in a **non-custodial** way.
* Shows you quotes, estimated outputs, and providers involved.
* Sends the prepared transaction(s) to your wallet for **approval**.

#### 4.2 What Qwerti Does Not Do

* Does **not** store or access:
  * your private keys
  * your seed phrases
* Does **not** move your funds without your explicit consent.
* Does **not** execute on-chain actions in the background without your signature (for non-custodial wallets).
* Does **not** guarantee profits, price stability, or risk-free usage of DeFi.

You remain in full control of your assets at all times.

***

### 5. Trusted Infrastructure & Routing Providers

Qwerti integrates only with **reputable, battle-tested providers** in the ecosystem.\
Our routing layer is built on top of well-established protocols and services, such as:

* **Swaps & Aggregators / DEX Routers**
  * Jupiter (Solana)
  * 1inch
  * 0x
  * other leading DEX / routing protocols
* **Bridges & Cross-Chain Liquidity**
  * Relay
  * OKX bridge / routing stack
  * other ecosystem-validated bridge providers
* **Wallet & Account Abstraction**
  * Privy (for embedded / smart wallets and account flows)
  * other audited wallet infrastructure solutions
* **Fiat On-Ramps**
  * MoonPay
  * and similar regulated providers that handle:
    * card payments
    * KYC / AML checks
    * fiat → crypto conversions

Each provider:

* operates its own infrastructure and security model
* may be regulated in its own jurisdiction
* is responsible for:
  * key management (for wallets)
  * liquidity
  * compliance (KYC / AML)
  * and transaction processing within its domain.

Qwerti’s job is to **aggregate** these providers into a single, coherent user experience, not to replace their security layers.

***

### 6. Data & Privacy (High Level)

Qwerti only collects the minimum data needed to:

* connect your wallet
* build and route your transactions
* provide analytics for partners (e.g. number of unique wallets, volumes, transactions per campaign)

We do **not** collect:

* your private keys
* your raw seed phrase

and we do **not** take full control over your funds.

Where possible, analytics are processed in an **aggregated and pseudonymous** way, focusing on:

* number of wallets
* transaction counts
* volumes

rather than personal identity.

Specific providers (e.g. MoonPay, other on-ramps) may require:

* KYC information
* identity verification
* bank/card data

This information is handled directly by those providers under their own privacy and compliance policies, not by Qwerti.

***

### 7. Your Responsibilities & Best Practices

Even with a secure, non-custodial design, crypto always carries risk.\
We recommend following these best practices:

* Never share your **seed phrase** or **private key** with anyone, including Qwerti or any “support” claiming to be us.
* Always double-check the URL (e.g. `app.qwerti.ai`, `docs.qwerti.ai`) to avoid phishing.
* Keep your browser, wallet extensions, and OS up to date.
* Be cautious with:
  * unknown tokens
  * high slippage settings
  * very illiquid assets
* If something feels suspicious, **stop** and verify via official Qwerti channels.
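
The URL check recommended in the list above, written out as an added example (not Qwerti's own code): it accepts only the two hostnames this page names and flags addresses that merely contain them. The `checkUrl` helper and every sample URL in the comments are constructed for illustration.

```javascript
// Added example: exact-hostname check against the hostnames named on this page.
// OFFICIAL_HOSTS is taken from the page's examples; checkUrl is a hypothetical helper.
const OFFICIAL_HOSTS = new Set(["app.qwerti.ai", "docs.qwerti.ai"]);

function checkUrl(input) {
  let url;
  try {
    url = new URL(input); // WHATWG parser: lower-cases and IDNA-encodes the host
  } catch {
    return { ok: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not https" };
  }
  // "https://app.qwerti.ai@login.example/" really points at login.example
  if (url.username || url.password) {
    return { ok: false, reason: "userinfo before @ hides the real host" };
  }
  const host = url.hostname;
  // Unicode lookalike letters surface as xn-- labels after parsing
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "punycode host" };
  }
  // Exact match only: "app.qwerti.ai.login.example" contains the name but is not it
  if (!OFFICIAL_HOSTS.has(host)) {
    return { ok: false, reason: "host not on official list" };
  }
  return { ok: true, reason: "official host" };
}

// Constructed sample inputs (the .example domains are placeholders)
const SAMPLES = [
  "https://app.qwerti.ai/swap",
  "HTTPS://DOCS.QWERTI.AI/",
  "http://app.qwerti.ai/",
  "https://app.qwerti.ai@login.example/",
  "https://app.qwerti.ai.login.example/",
  "https://app.qwert\u0456.ai/", // Cyrillic letter in place of Latin "i"
];

function checkAll(urls) {
  return urls.map((u) => checkUrl(u).reason);
}
```

Substring or `endsWith` comparisons would accept the fourth and fifth samples; comparing the parsed hostname for exact equality does not.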

***

#### In short:

Qwerti is a **non-custodial aggregator** that only acts with your approval, integrates with **trusted providers** like Jupiter, Relay, OKX, 1inch, 0x, Privy, MoonPay and others, and keeps you in full control of your assets while simplifying the UX around them.


