> ## Documentation Index
> Fetch the complete documentation index at: https://docs.polygon.technology/llms.txt
> Use this file to discover all available pages before exploring further.

# Wallet Architecture

> How embedded wallets work end-to-end: smart sessions, identity attestation, Merkleized configuration, and the Guard Firewall.

<Frame>
  <img src="https://mintcdn.com/polygon-labs/VkcEffhTmvkZDVvm/img/wallets/ecosystem/ecosystem-color.jpeg?fit=max&auto=format&n=VkcEffhTmvkZDVvm&q=85&s=ad34a90ba3854e38d1b686b242405f0b" alt="Embedded wallet architecture" width="1280" height="720" data-path="img/wallets/ecosystem/ecosystem-color.jpeg" />
</Frame>

The embedded wallet stack combines four core systems that work together to deliver non-custodial, frictionless wallets for financial products.

## Core systems

* **Smart Sessions** remove signing friction by sandboxing permissions per app. Users approve a session once; the app executes within that scope automatically. See [Smart Sessions](/wallets/smart-sessions).
* **Identity Instrument** handles authentication and session attestation inside an AWS Nitro Enclave. Your app never handles raw OAuth tokens or client secrets. See [Identity Instrument](/wallets/identity-instrument).
* **Merkleized wallet configuration** stores a single onchain root that commits to all signers, sessions, recovery keys, and extensions. Cross-chain by default. See [Wallet Configuration](/wallets/wallet-configuration).
* **Guard Firewall** reviews every transaction against ecosystem policies, threat simulations, and blacklists before allowing onchain execution. See [Guard Firewall](/wallets/guard-firewall).

## Deployment options

<CardGroup>
  <Card title="Hosted Wallet" href="/wallets/hosted-wallet">
    Sequence operates the wallet on your domain with your branding. Control configuration in Builder and launch on a custom domain.
  </Card>

  <Card title="Custom Wallet" href="/wallets/custom-wallet">
    Build a wallet with the Wallet Development Kit on top of Sequence infrastructure. Critical components can be self-hosted. Includes native mobile (iOS and Android) via React Native.
  </Card>
</CardGroup>

## Security model

* Users control their keys. No single party, including Polygon, can unilaterally move funds.
* Key shards use Shamir's Secret Sharing distributed across geographically separate remote key holders.
* Critical signing and identity operations run in TEEs (AWS Nitro Enclaves), hardware-verified and publicly attestable.
* Contract audits are published in the [Sequence technical references](https://docs.sequence.xyz/solutions/technical-references/contract-audits).