Turnkey helps you embed secure, user-specific wallets that are backed by policy controls and secure enclaves. The key: sub-organizations — isolated, per-user wallet environments under your app’s main org. Here’s how they work (and why they’re powerful) 🧵
1/ Your app starts as a parent org in Turnkey — holding team-level wallets, permissions and API access. From there you create sub-orgs, which are fully isolated accounts that represent your end-users. Each sub-org has its own:
▪️Wallets
▪️Users
▪️Policies
2/ This model supports use cases like:
▪️Per-user hot + cold wallets
▪️Custodial and non-custodial setups
▪️Teams with multi-user wallets and M-of-N approvals
Sub-orgs are separated by default. No shared keys. No shared access.
3/ This is where policies come in. Want to limit transfers to whitelisted addresses? Cap daily spend from hot wallets? Require 2-of-3 approvals for large cold wallet moves? ✅ Turnkey’s policy engine makes this programmable using a simple, flexible JSON-based policy language.
4/ All wallet actions are evaluated inside secure enclaves (Trusted Execution Environments). That means policy enforcement happens at the key level - verifiable, tamper-proof, and enforced by hardware. Infra you don’t trust blindly.
5/ Example: One user, two wallets.
▪️Hot wallet → capped to 0.1 ETH
▪️Cold wallet → can only transfer to a known address
Each wallet is governed by its own custom policy, all provisioned via Turnkey’s API and SDKs.
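A toy model of the two-wallet setup in step 5, added here as an illustration: it is not Turnkey's policy language, API or SDK, and the wallet ids, the address and the function names are hypothetical. It shows the deny-by-default shape such a check takes: amounts compared as integer wei, destinations matched case-insensitively, and a wallet with no policy refused.

```python
from dataclasses import dataclass
from decimal import Decimal
from typing import FrozenSet, Optional, Tuple

WEI_PER_ETH = 10**18


def eth_to_wei(amount: str) -> int:
    """Convert a decimal ETH string to integer wei (floats would lose precision)."""
    return int(Decimal(amount) * WEI_PER_ETH)


@dataclass(frozen=True)
class Policy:
    max_wei: Optional[int] = None                 # per-transfer cap; None = no cap
    allowed_to: Optional[FrozenSet[str]] = None   # destination allowlist; None = any


# Constructed sample data: the wallet ids and the address are placeholders.
KNOWN_ADDRESS = "0x" + "ab" * 20
POLICIES = {
    "hot-wallet": Policy(max_wei=eth_to_wei("0.1")),
    "cold-wallet": Policy(allowed_to=frozenset({KNOWN_ADDRESS})),
}


def evaluate(wallet_id: str, to: str, value_wei: int) -> Tuple[bool, str]:
    """Return (allowed, reason). Anything not explicitly permitted is denied."""
    policy = POLICIES.get(wallet_id)
    if policy is None:
        return False, "no policy for wallet"
    if value_wei < 0:
        return False, "negative value"
    if policy.max_wei is not None and value_wei > policy.max_wei:
        return False, "exceeds cap"
    # Hex addresses differ only by checksum casing, so compare lowercased.
    if policy.allowed_to is not None and to.lower() not in policy.allowed_to:
        return False, "destination not allowlisted"
    return True, "allowed"


if __name__ == "__main__":
    other = "0x" + "cd" * 20  # constructed, not on the cold wallet's allowlist
    print(evaluate("hot-wallet", other, eth_to_wei("0.25")))
    print(evaluate("cold-wallet", other, eth_to_wei("1")))
```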