# Security Shotgun is built on a non-custodial model - your funds are always yours. Understanding how the system works helps you protect yourself. *** ## Wallet Custody & Turnkey Shotgun uses **Turnkey** to handle authentication and wallet key management. How your keys are secured depends on how you signed up: ### If you connected an existing wallet (Phantom) * Your private keys remain entirely in your own wallet * Shotgun only reads your public address - it never has access to your keys * You control your funds the same way you always have ### If you signed up with Email or Google * Turnkey generates an **embedded wallet** for you * Your private keys are encrypted using your account password - Turnkey itself cannot access them * Keys are stored in encrypted form; only your password unlocks them * You can export your private keys at any time from your account Settings *** ## Your Password If you use email or Google login, your account password is the key to your embedded wallet. {% hint style="danger" %} **Shotgun cannot recover your password.** If you lose your password and haven't backed up your recovery phrase, you may permanently lose access to your wallet and funds. Save your password offline, somewhere physically secure. {% endhint %} * Store your password offline (not in a notes app, not in a screenshot) * Use a password manager if you need digital storage * Never share your password with anyone - Shotgun support will never ask for it *** ## Exporting Your Private Keys You can also export your raw private key from wallet management menu. {% hint style="warning" %} Only export your private key in a **trusted, secure environment** - never on a shared computer, public WiFi, or in response to a request from anyone online. A private key grants complete, irreversible control over all funds in that wallet. {% endhint %} **How to Export Your Private Keys:** 1. Open your Shotgun account Settings 2. Navigate to the Wallet Management 3. Click on Export Private Key 4. Copy Private key to a secure place *** ## Protecting Against Phishing Phishing is the most common way crypto users lose funds. Attackers create fake versions of Shotgun to steal your credentials or seed phrase. **Always verify you're on the official Shotgun domain before connecting your wallet or entering any credentials.** ### Official Shotgun Links | Resource | URL | | ----------- | ---------------------------------- | | Website | | | App | | | X (Twitter) | | | Discord | | {% hint style="danger" %} If a link you received doesn't match the official URLs above - **do not connect your wallet**. Report suspicious links in the official Shotgun Discord. {% endhint %} *** ## Smart Contract Risk When trading any token on Solana, you are interacting with smart contracts that Shotgun does not control. Be aware: * **Rug pulls** - token developers can remove liquidity and abandon the project * **Honeypots** - some tokens can be bought but not sold * **Mint authority** - if not revoked, developers can create unlimited new tokens and dilute your holdings * **Freeze authority** - some tokens can have trading frozen by the developer {% hint style="info" %} Use the **Holders** section on any token page to check for concentrated ownership, active dev wallets, and vesting indicators before buying. {% endhint %} *** ## Trading Risk Disclosure Cryptocurrency trading involves substantial risk. Prices can move dramatically in short periods. Shotgun is a tool - it does not guarantee profits or protect against market losses. * Only trade with funds you can afford to lose * Limit orders and stop losses can help manage risk but are not guaranteed to execute at your exact target price during extreme volatility * Past performance does not predict future results --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.shotgun.fun/getting-started/security.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.