Skip to main content

ND Wallet Architecture

ND Wallet is designed as a modular, secure, and scalable infrastructure for digital asset management. Its architecture supports both self-custodial setups (user-managed keys) and custodial custody (via Fireblocks), with flexible deployment and integration options.

Core Layers

1. Frontend Layers

  • Mobile App — built with Flutter, offering self-custodial wallet UI, biometric login, PIN protection.
  • Web/Micro-frontend or Embedded SDK — for businesses integrating wallet functions.
  • Admin Dashboard — optional Retool-based interface for internal monitoring (in planning).

2. API & Backend

  • Unified API Layer — REST/GraphQL endpoints for wallet creation, transactions, balance queries.
  • ND Wallet Pulse — real-time monitoring via webhooks and notification engine. See On-chain events streaming.
  • Modular Backend (NestJS + TypeScript) — maintains services like wallet, transaction orchestration, user management.
  • The backend uses an event-driven architecture, where services emit and react to custom events through a queue or pub/sub mechanism. This promotes modularity, non-blocking execution, and better scalability across blockchain transaction listeners, webhook systems, and third-party integrations.

3. Data and Storage

  • PostgreSQL — stores user info, wallet metadata, audit logs.
  • Blockchain Nodes / Indexers — on-chain data retrieval and event indexing.

Non-Custodial Mode (Self‑Custody)

  • User generates or imports a mnemonic seed phrase stored only on the mobile device.
  • Transactions are built and signed locally—private keys never leave the device.
  • Security layers include biometric authentication and PIN, enforced encryption at rest.
  • ND Wallet Pulse broadcasts state changes, supports timely notifications.
  • Future plans: passkey/FIDO2, Shamir Secret Sharing, ensuring cross-device recovery for Web.

Data Privacy (Self-Custodial Mode)

ND Wallet operates with zero user data retention in self-custodial mode.
We do not store any private keys, seed phrases, or personal user data on the server side.
Only public wallet addresses are optionally cached to support features like watchlists, transaction monitoring, and portfolio analytics.

All key generation, transaction signing, and sensitive operations occur exclusively on the user's mobile device, protected by OS-level biometric security and encryption.

Custodial Mode (via Fireblocks)

  • Key management delegated to Fireblocks MPC + Policy Engine.
  • Transaction policies enforced externally (limits, approvals).
  • Wallets created via Fireblocks API; events and statuses relayed via webhooks.
  • Backend handles custody lifecycle—suitable for institutional deployments, enterprise use cases.

Data & Identity Handling (Custodial Mode)

In custodial mode, Fireblocks handles private key management and policy-based transaction authorization through its secure MPC infrastructure.
User and account-level metadata (such as vault ownership, roles, and access policies) is managed within Fireblocks' Workspace structure, not by ND Wallet directly.

ND Wallet does not store sensitive identity or credential data in this mode.
Instead, it acts as a frontend orchestration layer, interacting with Fireblocks APIs for account creation, transfers, and audit logs.

Deployment Options

Self-hosted

  • Containerized (Docker/Kubernetes), deployed on client infrastructure.
  • Full control over data, networking, and compliance.
  • Ideal for clients with strict security or data residency needs.
  • Mobile applications can be distributed via App Store and Google Play under the client's own developer accounts.

ND Labs Managed Cloud

  • Hosted and fully managed by ND Labs on secure AWS infrastructure.
  • Backend services are deployed using Amazon ECS (Elastic Container Service) with autoscaling and rolling zero-downtime updates.
  • Persistent data is stored in Amazon RDS for PostgreSQL, with daily backups and automated failover.
  • Infrastructure includes encrypted storage, network-level security groups, and managed secrets.
  • ND Labs handles monitoring, alerts, patching, scaling, and log collection.
  • Uptime SLAs and dedicated support available for enterprise clients.
  • Suitable for both multi-tenant and single-tenant (isolated) deployments.

Custodial vs Non-Custodial Comparison

AspectNon-Custodial (Self-Custody)Custodial (Fireblocks)
Key OwnershipUser-owned on deviceManaged by Fireblocks
Security ModelBiometric / PINMPC + Policy Engine
Transaction SigningOn-deviceVia Fireblocks API
Compliance ControlsOn-chain + webhook auditCentralized via Fireblocks Policies
User ExperienceDirect control, full autonomySimplified, bank-like UX

Summary

ND Wallet provides a unified infrastructure designed to:

  • Support brand-customized mobile and web experiences
  • Flexibly switch between self- and custodial custody
  • Deploy securely via self-hosted or cloud models
  • Scale from retail wallets to enterprise-grade custody services

This architecture enables banks, fintechs, neo-banks, gaming apps, and DeFi platforms to adopt digital assets quickly, securely, and under their own brand.