Choosing a Custody Model

Planbok offers two distinct infrastructure models to support various business needs, from high-stakes treasury management to retail-focused sovereign wallets. Choosing the right model depends on your security requirements, user experience goals, and regulatory environment.

1. Organizational Wallets

Managed by your team, these wallets are ideal for internal treasury, automated payouts, and operational liquidity.

Infrastructure Modes

• Standard Mode: Planbok manages both MPC shares for simplified integration. Best for internal operations where speed and ease of use are prioritized.
• Trustless Mode: You provide client-managed entropy via the Organization Secret. Planbok cannot reconstruct the keys without your participation. Best for businesses requiring a high degree of cryptographic sovereignty.

2. Customer Custody Wallets

Designed for your end-users, these wallets offer true self-custody with a familiar user experience.

Security Infrastructure

• PIN-Blinding: Node 1's share is blinded by the user's PIN using Argon2id. Only the user can "unwrap" the share on their device.
• Personal Sovereignty: The user is the primary signer. Planbok acts as a secondary signer to enforce security rules, but never has access to the user's keys.

Security & Compliance Matrix

Which model should you choose?

• Choose Organizational Wallets if you are building an exchange, a payroll system, or any application where the company manages the assets.
• Choose Customer Custody Wallets if you are building a retail wallet, a social platform, or any application where users should have full control and ownership of their digital identity and assets.

For technical details on how these shares are handled, refer to the Security Model and Custody Models concept pages.