Where are users' private keys held?

We've adopted an architecture called Delegated Key Management, where keys are generated on the client-side and encrypted directly with AWS KMS through Cognito, without Fortmatic ever seeing the private key at any part of the flow. You can read more about it in our more comprehensive security blog post!

Is the Fortmatic SDK open source?

We will be open sourcing our SDK code soon! We are polishing it up and getting the proper testing and contribution process in place before open sourcing it. Stay tuned in our Telegram!