WaaP vs Privy

WaaP and Privy both provide embedded wallet infrastructure — social login, no seed phrases, smooth onboarding. The difference is what’s under the hood.

WaaP is free to integrate. No per-signature fees, no MAU caps — instead, a revenue share model that turns your wallet infrastructure into a revenue line. Privy’s free tier caps at 50K signatures and $1M volume per month, then bills on usage. More users = higher costs.

WaaP is also architecturally different. Privy reconstructs the full private key inside a single enclave every time a user signs — a single point of failure. WaaP uses 2-Party Computation: key shares live in separate enclaves and are never combined. No single entity can move funds alone. And WaaP is the only provider that offers inbound migration tooling — we pre-generate wallets for your users before you change a line of code. Once users log in, they can upgrade their MFA settings (adding passkeys, additional auth factors) to achieve security comparable to hardware wallets.

Why Developers Choose WaaP over Privy

| | WaaP | Privy |
|---|---|---|
| Free to integrate | No per-signature fees. No MAU caps. Revenue share model — your wallet infrastructure generates revenue, not costs. | Free tier caps at 50K signatures and $1M volume/month. Usage-based billing above that. Costs scale with your users. |
| No single point of failure | Key shares live in separate enclaves and are never reconstructed in the same place. Your app can’t act without user consent by default. | Full key is reconstructed inside a single enclave. If that enclave is compromised, all key material is exposed. |
| One wallet, every dApp | Universal accounts. Users keep their on-chain identity, reputation, airdrops, and composability across all applications. | Per-dApp wallets. Each integration creates siloed wallets. Users can export keys, but that’s an escape hatch, not the default. |
| Human-in-the-loop | One-tap approval via Telegram, email, or SMS. Users supervise agent operations from their phone. | Quorum approvals require cryptographic key signatures — enterprise-grade but inaccessible for individuals and small teams. |
| Migration tooling | Account Pregeneration API — pre-generate wallets for your entire user base before switching. Zero-friction migration. | No inbound migration tooling. |
| No vendor lock-in | EIP-1193 compliant. Drop-in with wagmi, ethers, viem. Protocol architecture with planned decentralized signing via Ika Network. | Proprietary infrastructure. Migrating away requires key export and manual user re-onboarding. |

We pre-generate wallets for your users before you change a line of code. Read the migration guide →

How the Architecture Differs

The critical difference isn’t where keys are stored — it’s where they’re reconstructed.

Privy: key reconstructed in a single enclave

┌─────────────────────────────────┐
│      Privy Infrastructure       │
│                                 │
│  ┌───────────┐  ┌────────────┐  │
│  │  Enclave  │  │    Auth    │  │
│  │   Share   │  │   Share    │  │
│  │ (in TEE)  │  │ (encrypted)│  │
│  └───────────┘  └────────────┘  │
│        │              │         │
│        └──────┬───────┘         │
│    Full key reconstructed       │
│    in single enclave ⚠️         │
└─────────────────────────────────┘

Privy splits the key into two shares, but both shares are brought together inside a single TEE to sign. This creates a single point of failure: if that enclave is compromised (hardware vulnerability, supply chain attack, insider threat), all key material for all users is potentially exposed in one place.

WaaP: shares never in the same place

┌──────────────────┐     ┌─────────────────────┐
│   User's Auth    │     │ WaaP Infrastructure │
│                  │     │                     │
│  ┌────────────┐  │     │  ┌───────────────┐  │
│  │ Sovereign  │  │     │  │   Security    │  │
│  │   Share    │  │     │  │     Share     │  │
│  │(auth-gated)│  │     │  │   (in TEE)    │  │
│  └────────────┘  │     │  └───────────────┘  │
└──────────────────┘     └─────────────────────┘
         │                          │
         └──────── 2PC sign ────────┘
        (cooperate without combining)

WaaP uses 2-Party Computation (2PC). The user’s Sovereign Share is gated by their primary authentication method (e.g., Google account, email) — anyone who authenticates as the user can access it. WaaP’s Security Share stays in a separate TEE. They cooperate to produce a signature without the full key ever existing in one place. Users can strengthen their account security by adding MFA (passkeys, additional auth factors), reaching security comparable to hardware wallets. For a full breakdown of the architecture, see Architecture & Security Model.

This significantly mitigates the risk of key compromise — even if WaaP’s infrastructure is breached, funds cannot move without the user’s authentication.
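The contrast drawn in this section, as an added example (not WaaP's or Privy's code): a toy two-party Schnorr signature in which each party signs with its own additive share and only public values and partial signatures are exchanged, next to a reconstruct-then-sign function. The page does not specify either vendor's actual signing protocol; the scheme, the deliberately tiny group parameters and all names here are assumptions, and the exchange omits the nonce commitments and share proofs a production protocol needs.

```python
import hashlib
import secrets

# Toy Schnorr group, constructed for illustration and far too small for real use:
# P = 2*Q + 1 with P and Q prime; G = 4 generates the subgroup of order Q.
P, Q, G = 2039, 1019, 4

def challenge(R, X, msg):
    """Fiat-Shamir challenge e = H(R | X | msg) mod Q."""
    h = hashlib.sha256(f"{R}|{X}|".encode() + msg).digest()
    return int.from_bytes(h, "big") % Q

def verify(X, msg, sig):
    R, s = sig
    return pow(G, s, P) == (R * pow(X, challenge(R, X, msg), P)) % P

class Party:
    """Holds one additive key share; the share is only ever used inside this object."""
    def __init__(self):
        self._x = secrets.randbelow(Q - 1) + 1   # long-term key share x_i
        self.pub = pow(G, self._x, P)            # public share g^x_i
        self._k = None

    def nonce_commit(self):
        self._k = secrets.randbelow(Q - 1) + 1   # fresh per-signature nonce share
        return pow(G, self._k, P)

    def partial_sign(self, e):
        if self._k is None:
            raise RuntimeError("no fresh nonce: a nonce share is used exactly once")
        k, self._k = self._k, None
        return (k + e * self._x) % Q             # s_i = k_i + e * x_i

def two_party_sign(user, service, msg):
    """Only public values and partial signatures cross between the parties."""
    X = (user.pub * service.pub) % P             # joint public key g^(x1 + x2)
    R = (user.nonce_commit() * service.nonce_commit()) % P
    e = challenge(R, X, msg)
    s = (user.partial_sign(e) + service.partial_sign(e)) % Q
    return X, (R, s)

def reconstruct_and_sign(x_user, x_service, msg):
    """Contrast case: the full private key exists in one process while signing."""
    x = (x_user + x_service) % Q                 # full key in this function's memory
    k = secrets.randbelow(Q - 1) + 1
    X, R = pow(G, x, P), pow(G, k, P)
    return X, (R, (k + challenge(R, X, msg) * x) % Q)
```

Both functions produce signatures that verify under the same public key; the difference is that `reconstruct_and_sign` has a point in time where one memory dump yields the whole key, while `two_party_sign` never computes `x1 + x2` anywhere.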

Planned upgrade: WaaP’s Security Share will be distributed across the Ika Network (decentralized validator set), further reducing the trust assumption on any single piece of infrastructure.

Full Feature Comparison

| | WaaP | Privy |
|---|---|---|
| Pricing | Free integration + revenue share | Free tier with usage-based billing above caps |
| Custody | 2PC — shares in separate enclaves, never reconstructed together | Key sharding — reconstructed in single TEE |
| Wallet scope | Universal accounts across all dApps | Per-dApp wallets (export as escape hatch) |
| Chain support | EVM (all chains, runtime-configurable). Sui and Solana coming soon. | EVM, Solana, Bitcoin |
| Standards | EIP-1193 (drop-in with wagmi/ethers/viem) | Custom SDK with wagmi/viem integration |
| Security controls | Daily spend limits, 2FA, auto-approve rules, human-in-the-loop approval via Telegram/email/SMS | Function-level restrictions, time windows, asset restrictions, quorum approvals |
| Human oversight | One-tap approval on your phone | Cryptographic key signatures (no notification flow) |
| Agent support | Headless CLI with 2FA + Permission Tokens | Server wallets with programmatic policy engine |
| Migration tooling | Account Pregeneration API | None |
| Security audits | Multiple independent security audits (Cure53, Hexens, Least Authority, Halborn) + consulting (Anderson Software, Distrust) | SOC 2 Type II. Quarterly audits. Open source crypto libraries. |
| Vendor lock-in | Protocol architecture. Standards-compliant. Decentralized signing roadmap. | Proprietary infrastructure |

Pricing Comparison

Privy

  • Developer (free): 50K monthly signatures, $1M monthly transaction volume, up to 10K MAU.
  • Scale: Custom pricing per transaction or per transacting wallet. Required above free tier thresholds.

Costs scale with your user base. More users = higher bills.

WaaP

  • Integration: Free. No per-signature fees. No MAU caps.
  • Revenue model: Per-partner revenue share on user transaction activity. Your wallet infrastructure generates revenue instead of costs.

Your wallet infrastructure becomes a revenue line, not a cost center.

Security Controls: Different Approaches

Both WaaP and Privy offer programmable security controls, but they optimize for different things.

Privy offers more granular programmatic policy options: function-level smart contract restrictions, time-of-transaction windows, asset restrictions, and m-of-n quorum approvals enforced inside their TEE. These are powerful for enterprise teams managing treasury wallets with multi-sig governance.

WaaP optimizes for human-in-the-loop oversight — the security model developers actually want when users or agents are transacting. Instead of configuring policy JSON, your users get a Telegram message describing what the agent wants to do and tap “approve” or “deny.” This is the difference between programmatic guardrails and real-time human supervision.

WaaP’s security controls include daily spend limits, 2FA thresholds, auto-approve rules for low-risk operations, and time-bounded Permission Tokens for scoped agent autonomy. Combined with 2PC custody, these controls are enforced cryptographically — the signing layer itself won’t cooperate without proper authorization.

Where Privy Is Ahead

We believe in being straightforward:

  • Scale track record. 75M+ accounts across 1,000+ developer teams. WaaP is production-ready with multiple independent security audits, but Privy has more deployment history at massive scale.
  • Broader chain support today. Privy supports Solana and Bitcoin now. WaaP currently supports EVM chains, with Sui and Solana coming soon.

Switching from Privy to WaaP

We built migration tooling specifically for this. Here’s what the process looks like:

  1. We pre-generate accounts for your users using the Account Pregeneration API — before you change anything in your app.
  2. You swap the SDK — WaaP is EIP-1193 compliant, so if you’re using wagmi/ethers/viem, it’s a drop-in replacement.
  3. Your users log in and land in a pre-generated WaaP wallet. No extra signup flow.
  4. Assets transfer from old Privy wallets to new WaaP addresses (automated for server-side wallets, user-initiated for client-side wallets, ownership-transfer for smart wallets).

No other wallet provider offers inbound migration tooling.

Read the full migration guide →

Ready to Get Started?

Contact us → for migration planning, API key setup, revenue share terms, or enterprise support.

  • Try it yourself — Build a wallet in the Playground in under 5 minutes.
  • Read the docs — Full SDK and CLI reference throughout this site.
  • Run an agent — Set up an AI agent wallet in 5 minutes with waap-cli.