Are we missing something? Send us feedback.
Quite simply, NO. EFOLIO is not a "wallet" and we never access, use, request or want to see your private keys. Ever.
In the case of our Shapeshift hardware wallet integation, we use APIs to ask the device to perform actions (like signing a transaction), but we never have access to your keys on the wallet itself. Hardware wallets don't provide that service, by design.
This is understandable and we can relate. Crypto feels safe on a hardware wallet and the moment you plug it into your computer and allow a website to access its data, there is this sudden feeling that it is exposed and vulnerable.
Let us allay that fear: Hardware wallets were designed to be plugged into computers for safe and secure access to external services. That's the unique space they occupy in the wallet spectrum. While cold storage wallets are completely isolated and software wallets are at risk of exposure, hardware wallets, by their very nature, allow access with the external world while maintaining the safety of your keys.
No. Hardware wallet user interaction is designed to give you, the user, agency over what the hardware wallet does. Before it takes any action, you have to physically press buttons on the screen. As such, there is no way software can highjack that process.
The best way to understand how this works is to watch some demos on our YouTube channel of how the EFOLIO hardware wallet integration works.
We use the Shapeshift API to generate the escrow address as documented here. You can verify the escrow address from Shapeshift by clicking the 'Track My Order' link that is generated before you send any coins to Shapeshift. We recommend shifting smaller amounts to begin with to get comfortable with the system before shifting larger amounts.
The site "remembers" the choice you made when setting the currency on the current prices page.
All our price data comes from https://www.coinmarketcap.com. Our exchange rates come from https://www.coincap.io.