
Why We Don't Store Your Keys

The server is a directory, not a vault. Here's why that's the point.

Tags: non-custodial, vision, security

Every centralized crypto platform asks you to trust them with your money. Not with an explicit handshake — but structurally. When your keys live on their servers, you're trusting their security team, their infrastructure, their government compliance, their solvency. History has shown that trust is frequently misplaced.

nimimo makes a different choice: we don't store your keys because we don't want the ability to.

What the server actually stores

nimimo's database contains four types of data: your email, your handle (like @lucky-mountain), your public receiving addresses for Bitcoin, Ethereum, and Solana, and your login session.

That's it. No wallet secrets, no private keys, no encryption keys, no signing material. If someone stole our entire database tomorrow, they would learn that @lucky-mountain can receive Bitcoin at a certain address and Ethereum at another. They could not move a single cent.

The custody problem is structural

When an exchange holds your keys, every employee with database access is a potential threat. Every server misconfiguration is a potential breach. Every government subpoena is a potential freeze. The attack surface isn't a bug — it's the architecture.

FTX didn't lose customer funds because of a hack. Celsius didn't freeze withdrawals because of a bug. These were structural failures of the custodial model. When you give someone your keys, you're betting they'll always act in your interest. That's not security — it's faith.

How nimimo eliminates the target

You can't steal what doesn't exist. nimimo's server is architecturally incapable of accessing user funds. Your wallet is created in your browser, encrypted before it's stored, and never sent over the internet. The server's job is coordination: resolving handles to addresses, caching public data for fast lookups, managing login sessions.

These are useful services, but none of them require holding anyone's keys. The server makes the experience smooth without compromising the security model.

The cost of not storing keys

Non-custody has a real cost: nimimo cannot help you if you lose both your device and your recovery card. There is no 'forgot password' for crypto keys. There is no support escalation that ends with your funds returned. This is the trade-off — and we think it's the right one.

We mitigate it with recovery cards — encrypted, verifiable, portable backups that you control. But the responsibility is yours. The history of crypto custody failures suggests the alternative is worse.

Not storing keys is the feature

This isn't a limitation we're working around. It's the core design decision everything else is built on. The layered security, the recovery cards, the device encryption, the client-side transaction signing — all of it exists because we made one choice at the beginning: the server is a directory and a cache. Not a vault.

Every feature we build starts with that constraint. And every feature is better for it.
