A collection of our most frequently asked questions.
We offer payments via credit card or Bitcoin. Credit card payments are processed by Stripe and Bitcoin payments are processed by our self-hosted BTCPay Server. Foundation encourages Bitcoin payments.
Yes, preorders are refundable if you cancel your order before we ship. If you change your mind for any reason, let us know and we will issue a refund to your original payment method.
If you pay in Bitcoin but change your mind, we’ll refund your entire purchase amount denominated in Bitcoin.
Likewise, if you pay in Bitcoin but the price appreciates between the day you preorder and the day we ship, we’ll refund your Bitcoin gains before shipping. This way you won’t have to make the difficult choice between paying in Bitcoin to preserve your privacy or losing out on potential Bitcoin gains!
Upon delivering Passport, returns are not accepted for security reasons. Passport cannot be factory reset and re-sold to another customer.
Yes, Passport includes a one year warranty to cover manufacturing defects only. Accidental damage, such as drops or liquid exposure, is not covered. Nor is accidentally bricking the device!
Bitcoin is sovereign money; it gives you ownership over your own financial destiny. There is a common expression in the Bitcoin world: not your keys, not your coins! Whether you own Bitcoin as an investment, as a censorship-resistant currency, or as a convenient way to transact on the Internet, it is important that you store your own private keys (and we can help with that).
Exchange hacks and losses of funds are common occurrences in the Bitcoin world, and no exchange is too big to fail. The more Bitcoin owned by a single exchange, the larger the incentive for attackers to try to steal your coins – whether external hackers or malicious insiders.
By storing your own private keys, you can have true ownership over your Bitcoin while removing the ability for hackers to steal large quantities of Bitcoin from custodians – this strengthens the Bitcoin network! For most users, the best way to store your keys is on a specially designed device called a hardware wallet.
All hardware wallets make tradeoffs between usability, security, and openness. Below is a brief explanation of the tradeoffs from the leading hardware wallet vendors.
Ledger’s hardware and firmware are closed source, with a closed source operating system running on the device. This makes it more difficult for security researchers to discover vulnerabilities that may exist on Ledger’s hardware. Many find Ledger devices difficult to use, as there are only two buttons to navigate and a small screen. And Ledger devices are not airgapped; they use USB and/or Bluetooth. This has been shown to cause certain vulnerabilities
Trezor’s hardware and firmware are open source, but they do not use a security chip (more specifically a secure element). This means that an attacker can extract the private keys in only 15 minutes with commonly available hardware (this can be mitigated by using a strong passphrase). Trezor’s Model T is easy to use due to the capacitive touch screen, but makes clear security tradeoffs as the screen and touch panel have embedded processors running unknown firmware. Trezor devices are also not airgapped; as they use USB.
Coldcard has, in our opinion, the best security model, with source available hardware and firmware plus a secure element for storage of private keys. Coldcard also has great security features, such as a phishing-resistant PIN entry process and security lights. However, Coldcard is designed for the hardcore Bitcoiner and is challenging for normal users.
Passport uses the same security architecture as Coldcard, with open source hardware and firmware plus a secure element, but places a significant emphasis on intuitive design and ease-of-use.
Passport’s larger display, alphanumeric keypad, and navigation pad create a pleasant user experience. Its camera and microSD slot ensure airgapped operations. And it uses more trustable components, like a screen without an embedded processor and AAA batteries for power.
For new users, Passport is designed to be intuitive and approachable. The navigation pad and familiar interface make it easy to set up and use Passport. If you’ve previously found hardware wallets to be intimidating or difficult, we think you’ll have a better experience with Passport.
For expert users, Passport uses the same general security architecture as Coldcard and Bitbox02, but introduces (1) integrated AAA batteries and (2) a camera for more convenient airgapped transactions. Passphrase entry is also a breeze with Passport’s alphanumeric keypad.
Bitcoin is open source software, and we believe open source software should run on open source hardware. Bitcoin necessitates a completely new type of hardware security model – since transactions are immutable, there is no recourse if your Bitcoin are stolen or lost.
Today’s hardware is mostly closed source and uses proprietary designs with confidentiality agreements.
This model worked in a world where thefts could easily be reversed by your bank or credit card company. But in a Bitcoin world, this model is fundamentally broken.
Open source hardware means that security researchers can more easily identify vulnerabilities in our products. It also means that we can adopt best practices from other open source hardware projects – and other open source hardware projects can adopt our best practices too! This leads to a healthy, more secure hardware ecosystem and means that your Bitcoin will be safer.
No, Passport only supports Bitcoin. We do not have any immediate plans to support other cryptocurrencies, and are laser-focused on building the best Bitcoin hardware wallet.
We recently launched Envoy, our mobile companion app. Envoy offers the easiest and most intuititve way to setup and manage Passport to. However, Envoy is completely optional and not a requirement to use Passport in any way.
Passport is designed instead to work with most popular Bitcoin wallets and services. This ensures that you have the ability to select your preferred software wallet, instead of being forced to use our software or services. And it also ensures that Passport strives for mass-compatibility with the Bitcoin ecosystem.
Passport is compatible with any software wallet that supports PSBTs (partially signed Bitcoin transactions).
This includes Bitcoin Core, Electrum, Wasabi, BTCPay, BlueWallet, Sparrow, Specter, and more.
At first, most of these wallets will support Passport via microSD card. We plan to work with them to add compatibility for Passport’s camera via QR codes. BlueWallet and Specter currently support PSBTs over QR codes, and we expect most popular wallets will also support QR codes by the time Passport ships. Thank you to Blockchain Commons for putting together a standard format for data transmission via QR codes.
Yes, Passport supports both single-sig and multisig PSBTs.
Passport uses the same general security architecture as Coldcard, with a processor by STMicroelectronics and a 608a secure element by Microchip. Like Coldcard, the Bitcoin private keys are encrypted on the processor and stored on the secure element to minimize trust in a single chip.
All circuit designs and firmware are open source and auditable.
Passport is completely airgapped, with only a camera and microSD slot for communications, no wireless functionality of any kind. This is important because it closes off numerous attack vectors and ensures that Passport can never communicate directly with an Internet-connected device.
Our Founders Edition device is powered by AAA batteries and Batch 2 devices use a removeable and rechargeable standard form factor lithium-ion battery, typically found in older Nokia phones. This is charged via the power only USB-C port on the bottom of the device. This port is not capable of passing any data since the connectors inside the port required to do so are simply not there.
Foundation Devices is based in the USA, and we believe it is important to have as close a control over our supply chains as possible. By assembling Passport in the USA, we can ensure that (1) we are on the factory floor and closely overseeing assembly, (2) our manufacturers are held to higher regulatory and transparency standards.
Bitcoin represents sovereignty, privacy, and freedom. We believe it is important to build our products in jurisdictions which represent these same values. This is why Foundation will never assemble our products in China.
Envoy is our mobile companion app for Passport, available on Android and iOS and designed to make everything you do with Passport simple. Envoy offers a streamlined Passport setup process and simple, privacy-preserving Bitcoin watch-only wallet.
Unlike other more generic wallet software, Envoy was designed from the ground up to be Passport centric. As with everything we do at Foundation, Envoy is completely Open Source, so you can rest assured that the app makes interacting with your Bitcoin simple, safe and secure.
Envoy was created to provide the best possible software wallet experience for your Passport, right on your mobile phone. This means you can receive straight to your secure cold storage from anywhere in the world.
Envoy is the perfect companion to your Passport. Get onboarded and set up with a new wallet in minutes. Receive a push notification when a new firmware update is available and install it right from your phone! You can use it to receive into your offline cold storage from anywhere in the world, or to facilitate spend transactions for authorisation by Passport.
Envoy will also notify you of company announcements such as blog posts, special offers, security patches or new hardware and software releases.
No, Envoy’s core features will always be free to use. In the future we may introduce paid tiers or subscriptions.
Yes, like everything we do at Foundation, Envoy is completely open source. Envoy is licensed under the same GPLv3 license as our Passport Firmware. For those wanting to check our source code, click here.
No, we pride ourselves on ensuring Passport is compatible with as many different software wallets as possible. See our full list, including tutorials here.
No, anyone is still free to manually download, verify and install new firmware. See here for more information.
Absolutely, there is no limit to the number of Passports you can manage and interact with using Envoy.
Yes, Envoy makes multi-account management simple.
Envoy communicates predominantly via QR codes, however firmware updates are passed from your phone via a microSD card. Passport Batch 2 includes microSD adapters for your phone.
Yes, just be aware that any wallet-specific information, such as address or UTXO labeling, will not be copied to or from Envoy.
This may be possible as most QR enabled hardware wallets communicate in very similar ways, however this is not explicitly supported. As Envoy is open source, we welcome other QR-based hardware wallets to add support!
At this time Envoy only works with ‘on-chain’ Bitcoin. We hope to support Lightning in the future.
The biggest risk is one of privacy, if your phone was stolen and the thief can break your device PIN to access Envoy, they could see the amount of Bitcoin stored within each connected Passport. Your funds are not at risk because any transactions must be authorized by the paired Passport device.
Yes, Envoy acts as a ‘watch-only’ wallet. This means Envoy can construct transactions, but they are useless without the relevant authorization, which only Passport can provide.
Yes, Envoy connects using the Electrum server protocol. To connect to your own Electrum Server, scan the QR or enter the URL provided into the network settings on Envoy.
Downloading and installing Envoy requires zero personal information and, by default, Envoy connects to the internet via Tor, a privacy preserving protocol. This means that Foundation has no way of knowing who you are. Envoy also allows more advanced users the ability to connect to their own Bitcoin node to remove any reliance on the Foundation servers completely.
If the blue shield is pulsing, it means Envoy is establishing a private connection over the Tor network. You should refrain from attempting any transactions until the shield remains static, signifying that there is an active Tor connection.
For your privacy, if the Tor connection fails, Envoy will attempt to create a new Tor identity and will not fallback to clearnet. For repeated Tor failures, restarting the application should be enough to create a new successful connection.
It may also be worth checking the health of the Tor network which can sometimes experience minor outages which could impact on your ability to connect.
At launch Envoy will not support coin control for spending. We plan to add this as an advanced feature in the near future.
At this time Envoy does not support batch spending.
Envoy has two fee settings for the user to choose from when spending, ‘Default’ and ‘Boost’. Default aims to get your transaction finalized within 60 minutes and Boost within 10 minutes. These are estimates based on the network congestion at the time the transaction is built and you will always be shown the cost of both options before finalizing the transaction.