# Self-custody The single most important thing to understand about Ayebot: **we never hold your funds**. Your wallet's private key is encrypted with industry-standard cryptography, stored as an opaque blob, and decrypted only at swap time on your own account's session. We can't move your money. We can't freeze it. We can't see plain-text keys. ## What "self-custodial" means here When you open Ayebot for the first time, the bot generates a wallet for you (or imports one you already have). That wallet is **yours from minute one**. The bot never: * Sends your funds to a pooled hot wallet * Mixes your balance with other users * Holds withdrawal authority over your address * Can refuse to let you export your keys If Ayebot disappeared tomorrow, your wallet would still exist on-chain with your balance intact. You'd export the seed phrase, import it into Phantom (for Solana) or MetaMask (for BSC), and have full access without any cooperation from us. ## How keys are protected * **Generation** — keys are created using cryptographically secure randomness. * **Encryption** — every private key is encrypted with **AES-256-GCM** before it ever touches our database. * **Master key** — the encryption is done with a master key held in a cloud-grade key management service. The master key itself is rotated and audited; nobody on the operator side has plain-text access. * **At rest** — what's actually stored is an opaque encrypted blob. Without the master key, the blob is useless. * **In transit** — every API call to chain RPCs goes over TLS. * **In memory** — keys are decrypted only at the moment of signing a transaction. They're never logged, never exported to monitoring systems, never sent to any third party. ## Your seed phrase When the bot creates a wallet for you, you get a **seed phrase** — 12 or 24 words that fully reconstruct the wallet on any device. * Write it down on paper. * Store it offline. * Don't put it in a cloud-synced note. * Don't take a screenshot. * Don't message it to anyone — not us, not anyone claiming to be us. {% hint style="danger" %} **Anyone with your seed phrase has full control of your wallet.** This is the single biggest risk in crypto. Treat it like the keys to a vault. {% endhint %} ## Exporting your wallet Any time, with no friction: ``` /export ``` The bot reveals your seed phrase one time, in chat, with a self-destruct timer. After the timer expires, the message is deleted from the chat on our side (your own client may still cache it — clear your chat history if you don't want a trace). Once exported, the wallet works in any external app — Phantom, Backpack, Solflare for Solana; MetaMask, Trust Wallet, Rabby for BSC. ## Adding a transaction PIN Want one more friction layer on every trade? Set a transaction PIN: ``` /security pin ``` When set, every swap, withdrawal, or sensitive command asks for the PIN before executing. Useful if your Telegram session is shared (please don't share Telegram sessions). ## What about KYC? There is none. No email, no ID, no selfie, no proof of address. You start trading the moment you open the bot. We do apply **sanctions screening** on counterparty addresses (industry-standard blocklists) to comply with our hosting and infrastructure obligations. This filters out known bad addresses; it doesn't profile you. ## What we can see To run the service, we process: * Your Telegram ID and username (so the bot knows who you are between sessions). * Your wallet's **public** addresses (the on-chain ones — they're public anyway). * Your operation history (swaps, DCA, copy follows) — required to make the service work. * Aggregate metrics (DAU, total swap volume) for operational monitoring. We don't see: * Your seed phrase or plain-text private key — by design, impossible. * Your activity outside the bot — we don't index your wallet's external transactions. * Your real-world identity — there's no field to collect it. See [Privacy Policy](https://ayebot.io/privacy) for the legally formal version. ## If something goes wrong * **Lost Telegram access?** Restore your Telegram, run `/start`, and the bot recovers your wallet from the encrypted blob using your account binding. * **Want to nuke your account?** `/account delete` archives your wallet (you can still recover funds with your seed phrase) and removes you from active analytics. * **Suspect compromise?** Export the seed phrase to a fresh wallet, move funds, then delete the compromised one. ## FAQ **What happens if Ayebot goes offline?**\ Your wallet keeps working. Export the seed phrase to any wallet app and you have full access — nothing is locked to the bot. **Can the team see my private keys?**\ No. Every wallet is encrypted, and the team never has plain-text access. You hold the only readable copy. **Do I need a separate password?**\ Optional. You can add a transaction PIN for extra friction on every trade. Without it, your Telegram session is the gate. **Can I import a wallet I already use elsewhere?**\ Yes — paste the seed phrase or private key during onboarding. Same encryption applies. **Can I have multiple wallets in the same bot account?**\ Yes. The bot supports multiple sub-wallets (e.g. one for memecoins, one for stablecoins). Switch between them in the main menu. ## What to read next * [Getting started](/getting-started.md) — full onboarding flow * [Bot commands](/reference/bot-commands.md) — every /security, /export, /account command * [Privacy Policy](https://ayebot.io/privacy) — the formal data-handling statement --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.ayebot.io/wallet-and-security/self-custody.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.