during social recovery setup, your bitkey app encrypts your phone key using your friend’s public key. only their phone can decrypt it. let me explain it in a bit more detail.... here’s the flow: 1) you invite a trusted contact 2) their bitkey app creates an asymmetric keypair 3) their public key is sent to your app 4) your phone key is encrypted with that public key 5) the encrypted key is stored in your cloud 6) their private key stays on their device... optionally backed up to their cloud but never to block (!) during recovery: 1) you initiate it on a new phone & log into your cloud 2) you ask your trusted contact to help, they enter a code you give them (!) 3) their app decrypts the intermediate key and returns it 4) your app then decrypts your phone key... now you’ve got 1 of 2 5) from there, you use delay & notify with a new hardware to get the second key so yes: your phone key is shared encrypted to your friend’s public key but only they can decrypt it AND only when you request their help. block never has the key... only facilitates communication & coordination. that’s the whole point of this setup: you choose the people you trust. no seed phrases, no central custody, no backdoors - just multiple paths to recover. this document might be helpful for more context as well: https://support.bitkey.world/hc/en-us/article_attachments/33164661348500