# Recovery Mechanisms

*Users are often lazy with security. We apply "Progressive Security": we don't force setup at onboarding. Instead, we trigger a "Health Check" prompt once the account balance exceeds $10, nudging users to set up a recovery method.*

**Mechanism 1: Self-Custody Backup Key (The Gold Standard)**

* **Setup:** User selects "Backup Code" -> System generates a standard 12-word Seed Phrase (or Private Key) -> User writes it down or saves it to a Password Manager.
* **Usage:** On a new device, choose "Restore with Backup Code" -> Enter the 12 words -> System derives the key and allows setting up a new Passkey.
* *Tech:* The client generates an EOA key pair locally, registers the Public Key as an Owner on the Smart Contract, and discards the Private Key from memory (user holds it).

**Mechanism 2: Social Recovery (Guardians)**

* **Setup:** User invites trusted friends (Guardians). Friends accept by connecting their wallets. User confirms the list on-chain (e.g., Threshold 2/3).
* **Usage:** User loses device -> Requests recovery on new device -> Sends "Help Link" to friends -> Friends click link and sign "Approve" -> Once threshold (2/3) is met, the Smart Contract updates the Owner to the new device.

**Mechanism 3: Admin Recovery (Last Resort)**

This is the ultimate safety net, ensuring decentralization and **Self-Sovereignty**. Instead of trusting a centralized Admin, users leverage their own Google Account via a trustless cryptographic protocol.

* **Decentralized Security:** Uses Multi-Party Computation (MPC) to create a virtual vault linked to your Google ID. The key is split into shares and never reconstructed, ensuring no single party (including Bullbit) can access your funds.
* **Setup:** Users proactively enable this feature by linking their Google Account. The system registers a unique MPC address on the Smart Contract as the sole authorized recovery agent.
* **Trustless Execution:** To recover a lost wallet, simply log in with Google on a new device. The MPC network verifies your identity and signs a transaction to transfer ownership, triggering a mandatory **3-Day Timelock**.
* **Anti-Theft Veto Power:** During the 3-day wait, a "Red Alert" warns you on all active devices. If the recovery attempt is unauthorized, you can instantly hit **"CANCEL"** using your old keys to revoke the request.
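
The guardian threshold from Mechanism 2 and the timelock-with-veto from Mechanism 3 can be modelled as a small state machine. This is an added Python sketch, not Bullbit's contract code: the class, method names and address strings are hypothetical, time is passed in explicitly, and who may finalize after the timelock is an assumption the page does not specify.

```python
# Model of the recovery rules described above (added example, not the project's contract).
# All names are hypothetical; addresses are constructed strings, `now` is a Unix timestamp.
TIMELOCK_SECONDS = 3 * 24 * 60 * 60  # the mandatory 3-day timelock

class RecoveryError(Exception):
    """Raised when a recovery step is not permitted in the current state."""

class WalletModel:
    def __init__(self, owner, recovery_agent, guardians, threshold):
        self.owner = owner
        self.recovery_agent = recovery_agent   # sole authorized MPC address
        self.guardians = set(guardians)
        self.threshold = threshold             # e.g. 2 of 3
        self.approvals = {}                    # new_owner -> set of approving guardians
        self.pending = None                    # (new_owner, executable_at) or None

    def guardian_approve(self, guardian, new_owner):
        """Mechanism 2: ownership moves once distinct approvals reach the threshold."""
        if guardian not in self.guardians:
            raise RecoveryError("not a guardian")
        votes = self.approvals.setdefault(new_owner, set())
        votes.add(guardian)                    # a set, so a repeated signature counts once
        if len(votes) >= self.threshold:
            self.owner, self.approvals = new_owner, {}
        return self.owner

    def agent_request(self, caller, new_owner, now):
        """Mechanism 3: only the registered agent can start the timelock."""
        if caller != self.recovery_agent:
            raise RecoveryError("caller is not the registered recovery agent")
        self.pending = (new_owner, now + TIMELOCK_SECONDS)
        return self.pending[1]

    def cancel(self, caller):
        """Veto: the current owner key revokes the pending request."""
        if caller != self.owner:
            raise RecoveryError("only the current owner can cancel")
        self.pending = None

    def finalize(self, now):
        """Complete the transfer, never before the timelock has elapsed.
        Assumption: anyone may call this; the page does not say who finalizes."""
        if self.pending is None:
            raise RecoveryError("no pending recovery")
        new_owner, executable_at = self.pending
        if now < executable_at:
            raise RecoveryError("timelock still running")
        self.owner, self.pending = new_owner, None
        return self.owner
```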
