Where are users' private keys held?

We've adopted an architecture called Delegated Key Management, where keys are generated on the client-side and encrypted directly with AWS KMS through Cognito, without Fortmatic ever seeing the private key at any part of the flow. You can read more about it in our more comprehensive security blog post!