Non-custodial crypto wallet with secure-enclave keys
A non-custodial crypto wallet that keeps private keys in the device secure enclave and replaces the seed phrase with social recovery, rated 4.6★ on the stores with 89% onboarding completion.
A non-custodial crypto wallet anyone can actually use
A non-custodial crypto wallet hands the user something most apps quietly keep for themselves: control. The keys are theirs, the funds are theirs, and no company can freeze an account or move money on their behalf. Swissy was built around that idea, a mobile wallet for everyday people, live on iOS and Android, that lets someone hold their own crypto without trusting an exchange to hold it for them.
The catch with self-custody has always been the gap between the promise and the experience. Holding your own keys sounds empowering until you meet the seed phrase, the words you are told to write down and never lose, because losing them means losing everything with no support line to call. That single requirement scares most people back to a custodial exchange, where at least someone can reset a password. The brief was to close that gap: build a fintech product for people who are not crypto natives, give them genuine self-custody, and make it feel as ordinary as opening a banking app.
Why a self-custody wallet has to feel like a banking app
A self-custody wallet asks the user to take on a job a bank normally does: keeping the keys safe. Most wallets carry little of that weight, with an interface that looks like a developer tool and a recovery model that assumes the discipline of a system administrator. For a mainstream audience, that is the moment they quit.
The first problem was the fear of permanent loss. In a custodial app, a forgotten password is a minor irritation; in a non-custodial one, a lost key with no recovery path means the money is gone for good. People feel that risk before they understand it, and they hesitate to move real funds into a wallet with no way back. Removing that hesitation meant a recovery story that did not depend on the user being perfect.
Biometrics were the second hard part. Face and fingerprint unlock are the obvious way to make a wallet feel like a banking app, but phone hardware varies enormously, and a gate that feels instant on a flagship phone cannot stutter on a three-year-old mid-range one. A security feature that misfires just teaches users to work around it. The third problem was money crossing a border: letting someone buy crypto with a debit card sounds simple until the rules change with every country and currency. Payment methods differ, the compliance checks a provider must run differ, and folding all of that into a single buy button was its own problem before a line of wallet code was written.
What we built into the non-custodial wallet
We built a wallet where the hard security lives underneath and the surface stays calm, each decision aimed at a specific reason people abandon self-custody. Our custom software development practice delivered it as a single mobile product across iOS and Android, security model first, interface built to hide its weight.
Secure-enclave key storage
Private keys are generated inside the device's hardware secure enclave and never leave it. Signing happens inside the isolated element.
Biometric authentication
Face or fingerprint gates every sensitive action, tying access to the person holding the device rather than a password that can leak.
Social recovery
Encrypted key fragments are shared with trusted contacts, so a lost phone doesn't mean lost funds, and there's no seed phrase to misplace.
Built-in fiat on-ramp
Buy crypto with ordinary money without leaving the wallet; the on-ramp picks a provider by location and currency, and coins land in self-custody.
Secure-enclave key storage and biometric authentication
The most important decision in the product is where the private key lives.
Keys that never leave the device
In Swissy, the key is generated inside the device's hardware secure enclave, a dedicated chip walled off from the main processor and the operating system. It is created there and it never leaves. When the wallet needs to authorize a transaction, it does not fetch the key and sign in software where malware could intercept it. The signing request goes into the secure enclave and the signed result comes back out, so the raw key never crosses that boundary. This is the same class of hardware isolation that protects payment credentials on a modern phone, documented in Apple's secure enclave guidance. Even an attacker who fully owns the rest of the phone cannot lift the key, because the key was never theirs to reach.
Biometrics are the gate in front of that machinery. Every sensitive action, opening the wallet, approving a send, changing security settings, sits behind a face or fingerprint check, tying access to the human holding the phone rather than to a password that can be phished or leaked in a breach elsewhere. Because the biometric check is wired to the same secure hardware that guards the key, unlock and signing share one trust boundary. Getting that gate to behave consistently across the full range of phones our users carry was a large share of the work.
Social recovery without giving up self-custody
Recovery is where Swissy parts ways with almost every other wallet, and it is the feature we are proudest of. The standard answer to "what if I lose my phone" is the seed phrase: write down a list of words, store them safely, and hope you can find them years later. People lose paper, photograph it and get hacked, or store it somewhere so safe they never see it again. That fragility is the single biggest reason self-custody scares people, and we wanted it gone.
Social recovery replaces it. When the user sets up the wallet, the key is split into encrypted fragments handed to a set of trusted contacts the user chooses, their guardians. No single contact ever holds a usable key; a fragment on its own is just encrypted noise, so one guardian cannot reconstruct anything or reach into the wallet. Recovery happens only when a quorum of guardians comes together to restore access on a new device. Lose a phone, set up the next one, and the wallet comes back.
The mechanics matter, because plenty of wallets say "social recovery" without explaining what it protects against. Splitting the key cryptographically distributes the trust instead of handing it to one person or server: the user is not trusting a guardian with their funds, but trusting that a group of people they picked will not all collude, a far safer bet than a single slip of paper. For more on how key handling shapes a wallet, our guide to crypto wallet development goes deeper into the trade-offs against the seed phrase model. The result is genuine self-custody that no longer rests on a phrase the user has to guard for years.
Architecture: keys, recovery, and the fiat on-ramp
The architecture draws a hard line between two very different things: the keys, which must never leave the user's control, and the on-ramp, the one place ordinary money enters the system. Key material lives in the secure enclave and the recovery fragments sit with the user's guardians, while the fiat on-ramp reaches out to a payment provider in the outside world. The part that touches banks and cards never sits near the part that holds the keys.
Choosing social recovery over the alternatives was deliberate. We could have built on MPC, where a key is computed jointly across several parties so the whole key never exists in one place, or on multi-signature wallets, where several keys must co-sign every transaction. Both are strong, and both fit a mainstream user poorly. MPC usually leans on a key-share service running quietly in the background, reintroducing a party the user has to trust. Multi-sig asks the user to manage co-signers for routine spending, overhead most people will never tolerate. Social recovery reaches the same goal, no single point of failure, in a form a non-technical person understands.
The on-ramp solves the jurisdiction problem by abstracting it away. When a user goes to buy crypto, the wallet selects a payment provider based on their location and currency, and that provider runs whatever identity and compliance checks it must in that market. The KYC and AML obligations sit with the provider, not with Swissy, and the user simply sees a buy flow that works wherever they are, with the purchased coins landing directly in the self-custodied wallet. For the lower-level work behind asset handling, our blockchain development practice carried the on-chain side.
Results for a non-custodial wallet built for everyday users
The shift that matters most does not show up in a single number. Onboarding stopped being the moment people backed out: a new user could reach a working, funded wallet without being handed a phrase that made them nervous, so the first session felt like trying a banking app rather than signing a waiver. Recovery moved from a thing people skipped to a thing people set up, because choosing a few trusted contacts makes intuitive sense in a way storing a cryptographic backup never did. And buying crypto stopped meaning a detour through an exchange: people could put real money in and keep it under their own keys the whole time.
First-time holders
People moving their first crypto into self-custody get a setup that feels like a banking app, with no seed phrase to write down and no jargon at the door.
Security-conscious self-custody users
Keys generated in the secure enclave, biometric gates on every action, and a recovery model with no custodian give careful users real control without a fragile backup
Multi-device users
Switching or replacing a phone means restoring through trusted guardians rather than hunting for a backup phrase, so a new device is a quick recovery, not a crisis
Teams building their own wallet
Founders who want a wallet like this get a proven blueprint: secure-enclave keys, social recovery, biometric auth, and a fiat on-ramp, built and shipped to both stores
Swissy shows what a non-custodial crypto wallet can be when the security and the experience are taken equally seriously. It sits alongside other wallet work in our portfolio that takes different angles on the same problem: Kanso, a design-first wallet built around the feel of the product, and All Crypto Mechanics, a custodial exchange paired with a hardware wallet at the opposite end of the custody spectrum. Swissy stakes out the spot where self-custody finally feels easy.
Results
Frequently asked questions
A non-custodial crypto wallet is one where you hold your own private keys instead of trusting an exchange or provider to hold them for you. The keys live on your device, every transaction is signed locally, and no third party can freeze or move your funds. Swissy is non-custodial by design, so the people using it keep full control of their assets.
In Swissy, the private key is generated inside the phone's hardware secure enclave and never leaves it. Signing happens inside that isolated chip, so the raw key is never exposed to the app, the operating system, or the network. Biometric authentication gates every sensitive action, which ties access to the person holding the device rather than to a password that can leak.
Swissy replaces the fragile seed phrase with social recovery. The key is split into encrypted fragments that go to a set of trusted contacts you choose. No single contact can see or rebuild your key, but together a quorum can help you restore access on a new device. You recover your wallet without a written phrase to lose, and without handing custody to anyone.
Yes. Swissy has a built-in fiat on-ramp that lets someone buy crypto with ordinary money without leaving the wallet. The on-ramp picks a payment provider based on the user's location and currency, and the provider runs whatever identity checks it requires. The coins land straight in the user's self-custodied wallet, so buying crypto never means giving up control of the keys.
A custodial wallet holds your keys for you, which is convenient until the provider fails or freezes access; a non-custodial wallet puts that responsibility on the user. We chose social recovery over MPC or multi-signature schemes because it gives everyday users a recovery path they actually understand, lean on people you trust, without the operational weight of co-signers or a key-share service running in the background.
Yes. Non-custodial wallets are one of the deepest parts of our portfolio, from secure-enclave key storage and social recovery to biometric authentication, multi-chain assets, and fiat on-ramp integration. We scope crypto wallet development from discovery through App Store and Google Play release, and we map the cost to your feature set up front. Tell us what you are planning and we will size it.
Related cases
More production work from across our portfolio.

eIDAS-qualified e-signature platform with KYC & blockchain audit
One platform to sign agreements, verify identities, and collect payments, all eIDAS-qualified with a blockchain audit trail on every signature.
Neobank and digital banking platform we designed and built
An eco-positioned neobank and digital banking platform that puts accounts, loans, financial advice, and budgeting in one app, designed and built end to end for a younger audience that never visits a branch.
Crypto exchange development for a 150+ currency platform
Crypto exchange development for EVERSE: a centralized platform trading 150+ cryptocurrencies, built from scratch to serve a first-time buyer and a professional trader from one product, on web and mobile, without a feature gap between them.