When nimimo says your keys never leave your device, that's not marketing — it's how the system is built. This post explains what happens behind the scenes when you create an identity, without the cryptography textbook.
Your wallet starts with one secret
When you create a nimimo identity, your browser generates a wallet secret — the same kind used by every major hardware wallet like Ledger or Trezor. From that one secret, nimimo derives your addresses for Bitcoin, Ethereum, and Solana. One secret, three chains, everything mathematically linked.
The difference? You don't have to write it down, manage it, or even know it exists. nimimo handles the rest.
Layer one: your device locks it
Your wallet secret needs to be stored securely between browser sessions. nimimo creates a unique encryption key tied to your specific device. This key is generated once, stored in your browser's secure storage, and used to lock your wallet secret whenever it's not actively needed.
The encryption is strong enough that even if someone copied the encrypted data, they couldn't read it without your device's key. And the key itself is designed so that not even the webpage can extract its raw value — it stays locked inside the browser's security layer.
Layer two: your recovery card
When you create a recovery card, nimimo takes your wallet secret and re-encrypts it with a PIN or password you choose. The encryption is intentionally slow — each guess takes about a second — so even a simple PIN is expensive to crack.
This encrypted version goes into a QR code on a PDF. Without your PIN, the QR is meaningless noise. With your PIN, it's your entire wallet — ready to restore on any device.
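The recovery-card wrapping described above can be sketched as follows; this is an added example that runs under Node.js, not nimimo's code. The page does not name the KDF or cipher, so scrypt, AES-256-GCM, the cost parameters, the JSON blob layout and the function names are all assumptions.

```javascript
// Added example, not nimimo's code: PIN-wrapped recovery blob.
// Assumptions: scrypt as the slow KDF, AES-256-GCM as the cipher, JSON blob layout.
const { scryptSync, randomBytes, createCipheriv, createDecipheriv } = require("node:crypto");

// Assumed cost; raise N until one derivation takes about a second on target devices.
const KDF = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

function deriveKey(pin, salt, params) {
  return scryptSync(Buffer.from(pin.normalize("NFKC"), "utf8"), salt, 32, params);
}

// Encrypts the wallet secret under the PIN; the returned string is what a QR code would carry.
function wrapSecret(secret, pin) {
  const salt = randomBytes(16);  // fresh per card, so precomputed PIN tables do not transfer
  const nonce = randomBytes(12); // 96-bit GCM nonce, never reused with the same key
  const cipher = createCipheriv("aes-256-gcm", deriveKey(pin, salt, KDF), nonce);
  const ct = Buffer.concat([cipher.update(secret), cipher.final()]);
  return JSON.stringify({
    v: 1, kdf: "scrypt", N: KDF.N, r: KDF.r, p: KDF.p,
    salt: salt.toString("base64"), nonce: nonce.toString("base64"),
    ct: ct.toString("base64"), tag: cipher.getAuthTag().toString("base64"),
  });
}

// Returns the secret, or null when the PIN is wrong or any field of the blob was altered.
function unwrapSecret(blobJson, pin) {
  const b = JSON.parse(blobJson);
  if (b.v !== 1 || b.kdf !== "scrypt") return null;
  try {
    const key = deriveKey(pin, Buffer.from(b.salt, "base64"),
      { N: b.N, r: b.r, p: b.p, maxmem: KDF.maxmem });
    const d = createDecipheriv("aes-256-gcm", key, Buffer.from(b.nonce, "base64"));
    d.setAuthTag(Buffer.from(b.tag, "base64"));
    return Buffer.concat([d.update(Buffer.from(b.ct, "base64")), d.final()]);
  } catch {
    return null; // GCM tag mismatch or rejected KDF parameters
  }
}

// Worst-case time to try every all-digit PIN of a given length at a fixed cost per guess.
function worstCaseHours(pinDigits, secondsPerGuess = 1) {
  return (10 ** pinDigits * secondsPerGuess) / 3600;
}
```

At the page's figure of about one second per guess, `worstCaseHours(4)` is under three hours while `worstCaseHours(8)` is over three years, so the slow KDF works best paired with a longer PIN or a password.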
What the server knows
The server stores your email, your handle, and your public addresses — the addresses where people can send you crypto. It has zero access to your wallet secret, your device key, or anything that could be used to move your funds.
A complete server breach would expose where you can receive funds — but give an attacker no ability to spend them. That's the guarantee.
The trade-off
If you clear your browser data and have no recovery card, your wallet is gone. There is no 'forgot password' flow. There is no support ticket that can bring it back. nimimo cannot recover what it never had.
That's why recovery cards exist, and why nimimo asks you to verify your backup actually works. The system is designed so that you never need to think about the encryption — but it's always there, protecting you by default.