tl;dr We create 2 wallets: a signer wallet and a Smart Contract Wallet (SCW). You keep your funds in SCW. Signer wallet controls your SCW and signs its transactions. Signer wallet is protected by the enterprise-grade MPC security. Both wallets are fully non-custodial.

In very simple terms, 'traditional' Ethereum wallet is simply a pair of keys: a private key that is used to sign transactions (controls your wallet), and a public key (your wallet address) that is cryptographically derived from the private key.

These 'traditional' wallets are called Externally Owned Accounts (or EOAs) in Ethereum devs speak. At the moment, only such wallets (EOAs) can sign transactions on Ethereum blockchain.

Smart Contract Wallets (or SCWs) are, in essence, smart contracts deployed on the blockchain. As such, they cannot sign transactions (only EOAs can). To solve this, for SCWs the wallet address and the signer are decoupled.

Thus, when you click 'Setup wallet' in goodcryptox, two wallets are created:

Wallet 1 (signer) - a 'traditional' wallet (EOA). The private key of this wallet is used to sign transactions made with your SCW. This wallet, theoretically, has an address (since it can be derived from the private key), but it does not play any role (as this wallet never receives any funds) and you should not be concerned with it.

Wallet 2 (wallet) - a Smart Contract Wallet that is a smart contract deployed on the blockchain. Address of that smart contract is your wallet address (you see it in the top right corner of the screen). This address holds your funds and sends swaps and transactions. Swaps and transactions sent from this wallet are signed by the Wallet 1.

The Smart Contract Wallet (Wallet 2) is built on ZeroDev infrastructure. ZeroDev is the current leader in SCW space. ZeroDev's smart contract (Kernel) is the most widely-deployed SCW's contract to date. It is robust, very gas efficient (to our knowledge - the most efficient on the market), and security-audited.

The Smart Contract Wallet does not have a private key. Its security is entirely dependent on the security of its signer (wallet 1).

Wallet 1 (signer) is built on and secured by web3auth - one of the leaders in web3 wallets infrastructure, powering Trust wallet and many others.

When the signer wallet is created, its private key is initially split in 2 shards or factors, making it a 2/2 wallet (meaning it requires 2 factors of the private key that are held by 2 different parties to sign a transaction).

The first factor is tied to your GoodCrypto account, it is encrypted and stored by our infrastructure. The second factor is held by the web3auth's encrypted cloud server.

This means that your private key is never actually stored anywhere - only its encrypted shards are. Even when a transaction is signed, the private key is not reconstructed - web3auth's enterprise-grade full MPC technology allows for signature creation without ever reconstructing the private key. The procces is similar to zero-knowledge proofs.

At this point your wallet's security is already comparable to cold wallets - similar setups are used by the most crypto funds and VCs to secure their holdings. Also, as both private key shards are stored in the cloud, your wallet will seamlessly 'travel' with you from device to device - all you need to do to access it is to sign in to your GoodCrypto account. Yet, this setup is 'semi-custodial' as two third parties together control your private key (we and web3auth). While none of the parties can access your funds on their own, theoretically, should they collude or get breached at the same time, together they could access your funds.

However, once you create a recovery phrase for your wallet, it is automatically converted to a fully non-custodial 2/3 wallet. This means that your private key is divided into 3 parts or factors and having 2 of them will be required to sign a transaction.

The first factor is tied to your GoodCrypto account, it is encrypted and stored by our infrastructure. The second factor is the recovery phrase you created. The third factor is derived from your recovery phrase and stored on your device so that you won't have to enter it each time you open the app.

This ensures that no third party under any condition has access to your private key, making it a fully non-custodial wallet.

After your wallet is created, we issue session keys that allow us to trade from this wallet on your behalf (and only that), encrypt them, and send to our servers. Issuing session key requires signing it with your wallet - we do that under the hood. After that, all trading is done using your session key. The only transactions that you need to sign personally are transfers out of the wallet.

As soon as your wallet is created it can already receive incoming transfers. Its smart contract will actually be deployed to blockchain together with the first transaction it sends (swap or transfer). Before it is deployed, explorers will see your wallet as a 'traditional' (EOA) wallet. Smart contract deployment costs some gas - expect your first transaction to be a bit more expensive than usual.

In the future you will be able to bring your own wallet to use as a signer for your smart contract wallet instead of Wallet 1. You'll be able to use Metamask or any other wallet that supports WalletConnect (most wallets do). In this case, of course, the security of your private key will become entirely your responsibility.