🔐

Security & Access

23 articles. By Pury

Passkeys, login, account recovery and how to keep your Picnic account safe.

'Failed to create Candide subscription' error in the Picnic app

If you're seeing the message 'Failed to create Candide subscription' in the Picnic app when opening the home screen or when tapping 'Verify existing passkey', this article explains why it happens and shows the right way to keep using your account normally.

Symptoms

You open the Picnic app and, on the passkey screen, one of these behaviors appears:

- An error message with the text 'Failed to create Candide subscription'.
- The screen freezes when you tap 'Verify existing passkey'.
- The continue button spins, goes back to the start, or shows the error above right after login.

Why this happens

This behavior appears when your main Picnic login is through an external wallet, such as MetaMask, Rabby Wallet or similar, rather than email login. Today, managing your account with an external-wallet login is only available on Picnic Pro, our web version at www.usepicnic.com.

The passkey flow in the app was designed for accounts that sign in with email, so it can't complete when it detects an external wallet as the main login method. The 'Failed to create Candide subscription' message is an internal app notice that appears exactly in this case. Your account is active and your balances remain normal.

How to fix it

To access and manage your account, follow the step-by-step below on a computer:

1. Open your browser (Chrome, Edge, Brave, Firefox or Safari).
2. Go to www.usepicnic.com.
3. If you're still logged in from a previous session, log out.
4. On the login screen, choose the Wallet option.
5. Connect the same external wallet you used when you created your account (MetaMask, Rabby or another compatible wallet).
6. Once connected, you'll have access to Picnic Pro, with all of your account's features available.

For now, this flow on the computer is the official path for accounts with external-wallet login.

Important points

- Your balances and your card remain active. The error in the app is just a flow limitation — it doesn't affect your money.
- You don't need to create a new account. Signing in with your external wallet on Picnic Pro takes you to the same account you already have.
- Don't try to switch login types (from external wallet to email) without talking to our support team first. That process can split balances and create unnecessary friction.

Frequently asked questions

Can I use the mobile app after logging in to Picnic Pro?

Accounts with external-wallet login mainly use Picnic Pro on the computer, where all the account-management features live. You can keep an eye on balances from your phone's browser at www.usepicnic.com.

Does the 'Failed to create Candide subscription' message mean my account is blocked?

No. It's how the app signals that this specific flow doesn't apply to your type of login. Your account remains active and your balances are safe.

See also

- Picnic Pro: Focused on crypto and DeFi
- How to log in to my Picnic account
- How to access your wallet in another interface
- How to recover or replace your passkey on Picnic
- Using the same account on your phone and on your PC
- Security and self-custody at Picnic: how your passkeys protect your account

If the problem persists even after following the steps above, talk to us through the chat on the Picnic website or the chat inside the Picnic app.

Account recovery started by mistake — how to cancel

If you received an email saying an account recovery was started but it wasn't you who started the process, or you entered the recovery screen by mistake, this article explains what to do.

How to recognize it

When a recovery process is started, Picnic sends an email notification and shows a warning inside the app/site indicating the recovery is in progress. It also starts a 7-day countdown.

If you still have access to the original passkey: cancel immediately

If you still have the original passkey working, follow these steps:

1. Open the Picnic app or go to usepicnic.com.
2. Sign in with your original passkey (the one that was working before the process was started).
3. On the home screen or in settings, you'll see a banner/warning about the ongoing recovery.
4. Tap Cancel recovery.
5. Confirm the cancellation.

Done! The new passkey that was being created is invalidated and your original passkey keeps working.

Cases where this may happen by mistake

You entered the "Recover account" screen by mistake

Sometimes the user is on the sign-in screen, clicks "Recover account" thinking it's "sign in", and ends up authenticating with their biometrics — starting the process unintentionally. In that case, just cancel as shown above.

An app bug redirected you

In rare cases, the app can behave unexpectedly and redirect you to the recovery screen. If that happens, cancel the recovery and report it to support for investigation.

Someone may be trying to hack into your account

If you received an email about a recovery that you DID NOT start, it's possible someone is trying to recover access to your account. Cancel immediately using the original passkey. Then:

- Change the password of the email you use on Picnic.
- Enable two-factor authentication on your email.
- Check that your transactions are intact.
- Contact support and report the incident.

If you no longer have the original passkey

If the recovery was started and you really don't have the old passkey anymore (for example, because you wanted to recover it yourself), the process will continue normally through the 7 days. No fund movement is possible during that period, but after the 7 days, the new passkey will be activated.

During the 7 days, what happens to my funds?

Your funds remain safe. They are on the blockchain, in a smart wallet that belongs to you. Neither Picnic nor anyone else can access the funds during this period — that is exactly the purpose of the 7-day window.

Can I speed up the 7-day process?

No. The 7-day period is a security measure that cannot be bypassed and exists precisely to protect you. Not even Picnic support can reduce this window.

See also

- Passkey: Recovery mode (7 days)
- How to recover or replace your passkey
- How to protect your Picnic account

Using the same account on phone and PC

A very common question is: "I created my passkey on my phone. How do I use the same account on the computer?" The answer depends on how your devices are configured and which password manager you use.

Why this question exists

Unlike a traditional password (which you can type anywhere), a passkey is saved on the device where it was created. To access on another device, there are two ways:

1. Automatic sync via the password manager (when both devices share the same manager).
2. Access via QR code (when devices don't share a manager — for example, Windows PC + Android phone).

Scenario A: All Apple (iPhone + Mac + iPad)

If you only use Apple devices and they are all signed in to the same iCloud account with iCloud Keychain enabled, the passkey is automatically synced across all of them. When you try to sign in on Safari on the Mac, the passkey is already available — just authenticate with Touch ID or Face ID.

Scenario B: All Android / Google (phone + Chrome on PC)

If you use an Android phone with Google Password Manager enabled and also use Google Chrome on the PC with the same Google account, the passkey is automatically synced. When you sign in on Chrome on the PC, the passkey is available.

Scenario C: Mixed devices (iPhone + Windows PC, or Android + Mac, etc.)

In this case, since the password managers don't talk to each other, you need to use the QR code flow:

1. On the PC, go to usepicnic.com and enter your email.
2. Choose the option to use your phone / QR code to authenticate.
3. Open the phone camera and point it at the QR code on the PC screen.
4. Tap the notification that appears on the phone.
5. Authenticate with your phone's biometrics.
6. Access on the PC is unlocked.

Details at: How to sign in on PC using a QR code from your phone.

Scenario D: Third-party password manager (1Password, Bitwarden)

If you use 1Password or Bitwarden and have it installed on both devices (phone and PC), the passkey syncs automatically through those managers. Just install the extension/app on the PC and sign in to the manager — the passkey will be available.

Can I register more than one passkey on my account?

Yes! And we recommend it. You can register a passkey on the phone and another on the PC. If one is lost, the other works as a backup.

To add a new passkey on another device:

1. Sign in on that device (using QR code, for example).
2. Go to Settings → Security → Passkeys.
3. Tap Add new passkey.
4. Authenticate and save to the new device's manager.

Frequently asked questions

If I switch phones, do I lose my passkey?

It depends. If you use iCloud Keychain (Apple) or Google Password Manager (Android) and your new phone is signed in to the same account, the passkey syncs automatically. If you switched from iOS to Android (or vice versa) without migrating, you'll need to go through the recovery process.

If I reformat my PC, do I lose my passkey?

If the passkey was synced through Google Password Manager / iCloud Keychain / a third-party manager, it remains saved in the manager's cloud. After reinstalling the system and signing back in to the manager, the passkey becomes available again.

What if I use my passkey on a borrowed PC?

Always use the QR code flow. Never save your passkey on someone else's PC — that gives another person access to your account.

See also

- How to sign in on PC using a QR code from your phone
- Passkeys on Android: how to set up
- Passkeys on iPhone: how to set up

I deleted my passkey from the manager — what now?

If you accidentally deleted your Picnic passkey from your password manager (Google Password Manager, iCloud Keychain, 1Password, Bitwarden, etc.), don't worry: your funds are still safe. You'll need to go through the account recovery process to register a new passkey.

Why does this happen?

Your Picnic passkey is stored in your device's password manager — not on Picnic's server. When you delete the passkey directly in the manager, Picnic loses the reference needed to authenticate you on that device.

Important to know: Picnic does not have a copy of your passkey. For security and self-custody reasons, the passkey is encrypted and stored only on your device/manager. That's why recovery requires confirming your identity again.

Step by step to recover access

Step 1 — First, check if the passkey was actually deleted

Before starting recovery, check the manager:

- Android: Settings → Google → Password Manager → search for "Picnic" or "usepicnic.com".
- iPhone: Settings → Passwords → search for "Picnic" or "usepicnic.com".
- 1Password / Bitwarden / other apps: open the manager app and search for the Picnic entry.

If the passkey is there, the issue is something else — try to sign in normally through the app or site.

Step 2 — Start the recovery process

1. Make sure you are signed out of your account.
2. Open the Picnic app or go to usepicnic.com.
3. On the sign-in screen, tap Recover my account.
4. Enter your registered email.
5. You'll receive a verification code by email. Enter the code to confirm your identity.

Step 3 — Register a new passkey

After confirming your email, you'll be prompted to register a new passkey on the device you're using. Follow the on-screen instructions and authenticate with your biometrics.

Step 4 — Wait the 7-day security period

After registering the new passkey, a 7-day security period starts. This period exists to protect you in case someone tries to recover your account without authorization.

During these 7 days:

- The account is temporarily on hold (no fund movements).
- Your funds remain safe — they are on the blockchain.
- You'll receive emails updating you on progress.

After the 7 days, the new passkey is activated and you can use the account normally again.

How to avoid deleting the passkey in the future

- When organizing your password manager, pay close attention before deleting entries related to "Picnic" or "usepicnic.com".
- Register an additional passkey on another device (for example, both on the phone and on the computer). That way, if you delete one, the other works as a backup.
- Consider using a dedicated password manager (1Password, Bitwarden) instead of the system-native one — they usually have better protection against accidental deletion.

What if I don't remember the email I used?

Without the email, unfortunately it isn't possible to start the recovery process. See: I lost access to my login email.

See also

- How to recover or replace your passkey
- Passkey: Recovery mode (7 days)
- Security and self-custody on Picnic

Passkeys on iPhone: how to set up

On iPhone, passkeys work through iCloud Keychain, Apple's native password manager. If you already use iCloud Keychain, your Picnic passkey is registered seamlessly, using Face ID or Touch ID.

Requirements

- iPhone with iOS 16 or later.
- iCloud Keychain enabled — instructions below.
- Face ID or Touch ID set up on the device.
- Signed in to your iCloud account (Settings → [your name] at the top).

How to verify iCloud Keychain is enabled

1. Open the Settings app on your iPhone.
2. Tap your name at the top.
3. Tap iCloud.
4. Scroll down to Passwords and Keychain (or Keychain).
5. Make sure it's On. If not, enable it.

Step by step to register a Picnic passkey

1. Open the Picnic app or go to usepicnic.com on Safari.
2. Follow the account creation / recovery flow until you reach the "register passkey" step.
3. The iPhone will show a system prompt asking whether to save a passkey for Picnic.
4. Tap Continue.
5. Authenticate with Face ID or Touch ID.
6. Done! Your passkey is stored in iCloud Keychain and automatically synced across your Apple devices (iPhone, iPad, Mac).

How to use the passkey afterwards

Whenever you need to sign in to your account or authorize a transaction:

1. Picnic will request your passkey.
2. The iPhone will show the authentication screen.
3. Just use Face ID or Touch ID.

Syncing between iPhone, iPad, and Mac

One of the big advantages of iCloud Keychain is that the passkey becomes automatically available across all your Apple devices signed in to the same iCloud account. For example, if you registered the passkey on iPhone, it's already available in Safari on your Mac.

How to use it on a non-Apple computer (Windows, for instance)

If you want to sign in to Picnic on a Windows or Linux PC using the iPhone passkey, use the QR code flow:

1. Go to usepicnic.com in the PC browser.
2. Enter your email and proceed. A QR code will appear.
3. Open the iPhone camera and point it at the QR code.
4. Tap the notification that appears.
5. Authenticate with Face ID or Touch ID.

See details at: How to sign in to my Picnic account.

Common issues

The passkey option doesn't appear when creating the account

- Check that iCloud Keychain is enabled (steps above).
- Check that iOS is up to date (16 or later).
- Check that Face ID / Touch ID is set up on the device.

I accidentally deleted the passkey from iCloud Keychain

In that case you need to recover your account. See: How to recover or replace your passkey.

See also

- Passkeys on Android: how to set up
- How to share your account passkey
- Security and self-custody on Picnic

How to sign in on PC using a QR code from your phone

When you try to access your Picnic account on your computer, your passkey is usually saved on your phone. In that case, the site displays a QR code so you can authenticate using your phone. Here's how it works.

Step by step

1. On your computer, open the browser and go to www.usepicnic.com.
2. Enter your account email and click Continue.
3. You'll see a screen asking for your passkey. If the browser asks whether to "use a passkey from this device" or "use a passkey from another device", choose the second option (or select "phone" / "QR code", depending on your browser).
4. A QR code will appear on the PC screen.
5. Pick up your phone (the one where the passkey was created) and open the default camera app.
6. Point the camera at the QR code on the PC.
7. The phone will show a notification asking you to sign in to the site. Tap the notification.
8. The phone will ask for your biometrics (fingerprint or Face ID). Authenticate.
9. Done! Access on the PC is unlocked automatically.

Requirements for the QR code to work

- Bluetooth must be enabled on both devices (PC and phone). The system uses Bluetooth to confirm the devices are near each other.
- PC and phone must be in the same environment (physically close).
- The passkey must be registered on the phone.
- On Android, the phone must have an active password manager (usually Google Password Manager).

Common issues

The phone doesn't read the QR code

- Make sure you're using the phone's default camera app (don't use third-party apps).
- Increase the brightness of the PC screen to make scanning easier.
- Try moving the phone closer to the QR code.
- On Android, check that the password manager is enabled. See: Passkeys on Android: how to set up.

The QR code doesn't appear on the PC

- Try another browser (Chrome, Firefox, Edge).
- Check whether the passkey has ever been registered — if no passkey exists, there's nothing to use.
- Clear the browser cache and try again.

I scanned the QR code, but no notification arrived on the phone

- Check Bluetooth — it must be enabled on both devices.
- Move the phone closer to the PC.
- Make sure system notifications are enabled on the phone.

"Fido" or a different screen appears instead of the QR code

"Fido" is the name of the technical standard behind passkeys — it can show up on some browser screens. Just follow the flow: choose the option to use your phone or QR code to authenticate.

What if I don't want to use my phone every time?

You can register an additional passkey directly on the PC. After logging in once, go to Settings → Security → Add new passkey. That way, the PC gets its own passkey and you no longer need the QR code on that device.

See also

- How to sign in to my Picnic account
- Passkeys on Android: how to set up

Access key: Recovery mode

When you register a new access key (passkey) on your Picnic account, it automatically enters a 7-day activation period. This timeframe is a security layer to protect you.

Why is there a 7-day period?

The 7-day period exists to protect your account. If someone tries to create a new passkey without your authorization, you have 7 days to cancel the process with your original passkey. This security window ensures that only you can take control of the account.

What happens during the 7 days?

During the activation period:

- The new passkey cannot access the account or authorize transactions.
- The original passkey remains active and works normally.
- You can cancel the process at any time using the original passkey.

After 7 days, the new passkey becomes the only active one. The original passkey is automatically deactivated.

I no longer have access to my original passkey

If you no longer have the original passkey, you cannot cancel the process or access the account during the 7 days. Wait for the period to end. After 7 days, the new passkey will be active, and you will regain access normally.

How to cancel the recovery process

If you started the process by mistake and still have access to the original passkey, follow these steps:

1. Open the Picnic app or go to usepicnic.com.
2. Log in with your original passkey.
3. Cancel the recovery process on the red banner on the home screen.

If you need help, contact our support.

See also

- How to share your account access key
- Passkeys on Android: how to set up
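The activation rules described in this article can be written down as a small state model. This is an added illustration, not Picnic's code: the `Account` class, its method names and the key labels are hypothetical, and it models only the rules stated here (pending key cannot sign, original key can cancel, switch-over after 7 days).

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

RECOVERY_DELAY = timedelta(days=7)  # the 7-day activation period from the article


@dataclass
class Account:
    """Hypothetical model of an account with a delayed passkey replacement."""
    active_key: str                       # passkey id that can sign right now
    pending_key: Optional[str] = None     # new passkey waiting out the delay
    started_at: Optional[datetime] = None

    def _settle(self, now: datetime) -> None:
        # Once the full delay has elapsed, the new key becomes the only
        # active one and the original key is deactivated.
        if self.pending_key and now - self.started_at >= RECOVERY_DELAY:
            self.active_key = self.pending_key
            self.pending_key = self.started_at = None

    def start_recovery(self, new_key: str, now: datetime) -> None:
        self._settle(now)
        if self.pending_key is not None:
            raise ValueError("a recovery is already in progress")
        self.pending_key, self.started_at = new_key, now

    def time_left(self, now: datetime) -> Optional[timedelta]:
        """Remaining cancellation window, or None if nothing is pending."""
        self._settle(now)
        if self.pending_key is None:
            return None
        return self.started_at + RECOVERY_DELAY - now

    def can_sign(self, key: str, now: datetime) -> bool:
        # Only the active key signs; a pending key has no authority yet.
        self._settle(now)
        return key == self.active_key

    def cancel_recovery(self, key: str, now: datetime) -> bool:
        # Cancellation must be authorised by the ORIGINAL (still active) key.
        # The pending key must never be able to cancel or confirm itself.
        self._settle(now)
        if self.pending_key is None or key != self.active_key:
            return False
        self.pending_key = self.started_at = None
        return True


if __name__ == "__main__":
    t0 = datetime(2026, 1, 1, tzinfo=timezone.utc)  # constructed timeline
    acct = Account(active_key="original")
    acct.start_recovery("new", t0)
    day6 = t0 + timedelta(days=6)
    print("day 6, new key signs:     ", acct.can_sign("new", day6))
    print("day 6, original key signs:", acct.can_sign("original", day6))
    print("day 6, window left:       ", acct.time_left(day6))
    day7 = t0 + RECOVERY_DELAY
    print("day 7, new key signs:     ", acct.can_sign("new", day7))
    print("day 7, original key signs:", acct.can_sign("original", day7))
```

The property worth checking in any such design is that the only credential able to stop the switch-over is the one being replaced, and that the window cannot be shortened by either key.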

How to Share Your Account Passkey

You can allow others to access your Picnic account by sharing your passkey. This process is done through your device's password manager, not the Picnic app.

How It Works

Logging into Picnic uses passkeys protected by your device's biometrics. Since these keys are stored in your iCloud or Google, you can send them to trusted people. Upon receiving the key, the other person will use their own biometrics (Face ID or fingerprint) on their device to access your account and authorize transactions.

Step-by-Step on iPhone (iCloud)

1. Open your iPhone's Settings.
2. Tap on Passwords.
3. Find the Picnic passkey in the list.
4. Tap the Share icon.
5. Send via AirDrop to the other person's device.

Step-by-Step on Android (Google)

1. Open your Android's Settings.
2. Go to Google and select Password Manager.
3. Find the Picnic passkey.
4. Use the Sharing option available in the system.

Points to Consider

- Security: Share only with people you trust completely. The key allows free movement of funds.
- Independence: You don't need to register someone else's fingerprint on your phone; each person uses their own device.
- Revocation: You can remove access at any time by deleting the key from the other person's manager.

Frequently Asked Questions

Can I share a key between iPhone and Android?

Sharing generally works between devices of the same system. To share between different systems, you can use third-party managers like 1Password or Bitwarden.

What happens if I delete the key on my phone?

The person you shared with will still have access unless you also remove the key from their device or revoke access through the password manager.

Can Picnic recover my key if I lose it?

No. For security reasons, keys are encrypted and stored only in your password manager. Picnic does not have a copy of these keys.

See also

- Passkeys on Android: How to Set Up
- How to Recover or Replace Your Picnic Passkey

Passkeys on Android: How to Set Up

What are passkeys?

Passkeys protect your account using your phone's biometrics. You use fingerprint or facial recognition instead of passwords. It's faster, more convenient, and secure.

Why does "USB security key" or QR code appear?

Some Android phones don't have the password manager enabled. This happens with brands like Xiaomi, Samsung, Motorola. Without a configured manager, the phone doesn't offer the biometric option. Instead, it shows alternatives like USB or QR code. The solution is simple: just activate a password manager.

How to solve it in 5 steps

Step 1: Open the phone's Settings (gear icon).

Step 2: Find the Google settings. Depending on the phone, the path might be:

- Settings > Google
- Settings > Accounts > Google
- Settings > Passwords and Security

Step 3: Within Google, look for:

- Autofill > Passwords and Autofill
- or Password Manager

Step 4: Choose Google as the default manager. Apps like 1Password or Bitwarden also work.

Step 5: Open the Picnic app and try to create your passkey again. The biometric option should appear normally.

Still need help?

If the problem persists, contact our support. Send:

- Brand and model of the phone
- Android version (in Settings > About phone)
- What appears on the screen when trying to create the passkey

Frequently Asked Questions

Do I need to install any extra apps?

Not necessarily. Most Android phones already have the Google Password Manager installed; you just need to activate it as the default manager. If you prefer, you can also use apps like 1Password or Bitwarden.

Does it work on any Android version?

Passkeys are compatible with Android 9 or higher. If your phone is updated, it should work normally.

See also

- Security and self-custody at Picnic: how your passkeys protect your account
- How to recover or replace your passkey at Picnic

Security and Self-Custody on Picnic: How Your Access Keys Protect Your Account

What is self-custody?

At Picnic, your funds are stored in a smart wallet that exists directly on a public blockchain. This means that Picnic does not hold or control your money — you are the one who authorizes each transaction.

Unlike traditional banks and brokers, where your funds are kept on servers controlled by the company, at Picnic, the ownership of your assets is yours from day one. No Picnic employee can access or move your funds. This model is called self-custody: you are the sole responsible party and controller of your account.

How security works at Picnic

Picnic uses access keys (also known as passkeys) as the primary means of authentication and transaction authorization. An access key is a cryptographic credential that is stored in the secure hardware of your device (mobile or computer) and is protected by your biometrics — your face or fingerprint.

In practice, it works like this:

1. When you log in or authorize a transaction, Picnic requests confirmation of your access key.
2. Your device requests your biometrics (Face ID, Touch ID, fingerprint, or facial recognition).
3. After biometric confirmation, the cryptographic signature is generated directly on your device.
4. This signature is sent to the blockchain, authorizing the operation.

At no point does the private key leave your device. Picnic never sees, stores, or has access to this key.

Why are access keys more secure?

- Phishing resistant: The access key is linked to the domain where it was created. If someone creates a fake site imitating Picnic, your device will not recognize that domain, and the key simply will not be offered.
- No passwords to leak: There is no password to be stolen, guessed, or reused.
- Hardware protected: The private key resides within the security chip of your device and cannot be copied, exported, or extracted.
- Mandatory biometrics: Even with physical access to your device, without your biometrics, the key cannot be used.

Synchronization between devices

Access keys automatically sync between your devices through your platform's password manager:

- iPhone/iPad/Mac: sync via iCloud Keychain.
- Android/Chrome: sync via Google Password Manager.
- Password managers: if you use a manager like 1Password or Bitwarden, your access keys can be synced through it.

This means that, in most cases, switching phones or accessing from a computer does not require any recovery process — your access simply follows your devices.

And the email?

Previously, logging into Picnic was done via email, through an intermediary infrastructure. With access keys, email is no longer part of the main authentication path.

Now, email functions only as a recovery mechanism. If you lose access to your device and your access key, you can initiate account recovery via email. In this case, there is a security period of 7 days before new access is granted — to ensure that any unauthorized attempts can be detected and canceled.

App biometric lock vs. access key: what’s the difference?

There are two layers of biometric protection at Picnic, and it’s important to understand the difference:

| | Access Key | App Biometric Lock |
| --- | --- | --- |
| What it is | A cryptographic credential that authenticates and authorizes transactions | A quick access lock for the app |
| Where it lives | On the blockchain — registered as the signer of your wallet | Only on your device — it is a local app setting |
| What it protects | The ownership and control of your account and funds | Access to the app interface |
| Mandatory? | Yes — mandatory starting April 6, 2026 | No — it is an optional feature that you can enable in settings |
| Works across devices? | Yes — syncs through your platform's password manager | No — works only on the device where it was activated |

In summary: the access key is the real security of your account, registered on the blockchain. The biometric lock is a local convenience that prevents someone from opening the app on your phone without authorization. We recommend keeping both protections active.

Timeline

Access keys are already available for setup. Starting April 6, 2026, they will be mandatory for all accounts created with email.

Setting it up takes about 30 seconds:

1. Open Picnic.
2. Tap on the access key setup banner.
3. Confirm with your face or fingerprint.

Summary

- Your funds are in a wallet on the blockchain — Picnic does not have access to them.
- Access keys protect your account with encryption and biometrics directly on your device.
- The private key never leaves your device and cannot be copied.
- Email now functions only as a recovery mechanism, with a 7-day security period.
- The app biometric lock is a separate local protection — it does not replace the access key.

If you have questions, contact support within the app or send an email to oi@usepicnic.com.
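The domain binding and mandatory-biometrics points above correspond to fields a verifier can read in any passkey (WebAuthn) assertion. The following is an added example, not Picnic's code: it shows the binding checks a verifier applies, with the RP ID `usepicnic.com`, the origin `https://www.usepicnic.com`, the look-alike `usepicnic.example` and all sample data being assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import struct

UP, UV = 0x01, 0x04        # WebAuthn flag bits: user present, user verified

RP_ID = "usepicnic.com"                 # assumed RP ID, not confirmed by the page
ORIGIN = "https://www.usepicnic.com"    # assumed origin, based on the page's URL
CHALLENGE = bytes(range(32))            # constructed; real challenges are random


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_assertion(rp_id, origin, challenge, flags=UP | UV, counter=1):
    """Constructed data shaped like what a browser and authenticator emit."""
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": b64url(challenge), "origin": origin}
    ).encode()
    # authenticatorData = SHA-256(rpId) || flags (1 byte) || signCount (4 bytes)
    auth_data = (hashlib.sha256(rp_id.encode()).digest()
                 + bytes([flags]) + struct.pack(">I", counter))
    return client_data, auth_data


def binding_errors(client_data_json, authenticator_data, *,
                   rp_id, allowed_origins, challenge):
    """Return the list of failed binding checks (empty list means all passed).

    This covers only the binding fields. A full verifier also checks the
    signature over authenticatorData || SHA-256(clientDataJSON).
    """
    try:
        cd = json.loads(client_data_json)
    except ValueError:
        return ["client_data"]
    if not isinstance(cd, dict):
        return ["client_data"]

    errors = []
    if cd.get("type") != "webauthn.get":
        errors.append("type")
    got = str(cd.get("challenge", "")).encode()
    if not hmac.compare_digest(got, b64url(challenge).encode()):
        errors.append("challenge")        # stale or replayed assertion
    if cd.get("origin") not in allowed_origins:
        errors.append("origin")           # produced on a different site

    if len(authenticator_data) < 37:
        return errors + ["authenticator_data"]
    rp_hash, flags = authenticator_data[:32], authenticator_data[32]
    if not hmac.compare_digest(rp_hash, hashlib.sha256(rp_id.encode()).digest()):
        errors.append("rp_id")            # credential scoped to another domain
    if not flags & UP:
        errors.append("user_present")
    if not flags & UV:
        errors.append("user_verified")    # biometric/PIN step was skipped
    return errors


if __name__ == "__main__":
    samples = {
        "genuine site": make_sample_assertion(RP_ID, ORIGIN, CHALLENGE),
        "look-alike site": make_sample_assertion(
            "usepicnic.example", "https://usepicnic.example", CHALLENGE),
        "no biometrics": make_sample_assertion(RP_ID, ORIGIN, CHALLENGE, flags=UP),
    }
    for name, (cd, ad) in samples.items():
        print(name, "->", binding_errors(
            cd, ad, rp_id=RP_ID, allowed_origins={ORIGIN}, challenge=CHALLENGE))
```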

How to Recover or Replace Your Access Key on Picnic

If you've lost access to your access key — for example, because you lost your phone, changed devices, or the access key is no longer available — you can recover your account by following the steps below.

Recovery can also be used when you want to replace your current access key with a new one, for example, when setting up a new device.

Before You Start

- You will need access to the email you used to create your Picnic account.
- The recovery process takes 7 days for security reasons. This period exists so you can cancel the recovery if you didn't initiate it.
- During the 7 days, if you still have access to the current access key, it will continue to work normally.

Step-by-Step

1. Go to the Login Screen

Make sure you are logged out of your account. If you are logged in, log out first. On the login screen, click "Recover my account".

2. Confirm Your Identity

Enter the email associated with your Picnic account. You will receive a verification code by email. Enter the code to confirm your identity.

3. Register a New Access Key

After confirming your identity, Picnic will prompt you to create a new access key on the device you are using. Your device will request biometric confirmation (face or fingerprint). This new access key will be linked to your account and will become active after the security period.

4. Wait for the Security Period (7 Days)

After registering the new access key, a 7-day security period begins. This period is to protect you: if someone tries to recover your account without authorization, you will have a week to detect and cancel the process.

During this period:

- You will receive email notifications informing you about the progress of the recovery.
- If you have access to the old access key, you can cancel the recovery at any time by accessing the Security page in the app.
- Your funds remain secure and are not affected.

5. Complete the Recovery

After the 7 days, you will receive an email informing you that the recovery is ready to be completed.

1. Open Picnic and log in with your email.
2. Go to the recovery page (you will see a notification on the screen).
3. Click "Complete recovery".
4. The new access key will be activated and will become the main credential for your account.

Done! Your account is recovered with the new access key.

How to Cancel an Ongoing Recovery

If you started the recovery by mistake, or if you received an email saying a recovery was initiated and it wasn't you, cancel immediately:

1. Open Picnic and log in with your current access key.
2. Go to Settings → Security.
3. You will see a notification about the ongoing recovery.
4. Click "Cancel account recovery".
5. Confirm the cancellation.

The recovery will be canceled, and your current access key will remain active.

Frequently Asked Questions

Can I speed up the recovery process?

No. The 7-day period is a mandatory security measure and cannot be shortened. It exists to protect against unauthorized access.

Are my funds at risk during recovery?

No. Your funds remain secure on the blockchain throughout the process. No transactions can occur without a valid access key.

What if I change phones and my access key syncs automatically?

If your access key synced via iCloud (Apple) or Google Password Manager (Android), you don't need to recover. Just log in normally on the new device.

Do I need recovery if I use the same Apple/Google account on the new phone?

In most cases, no. If your platform's password manager synced the access key, it will be available automatically. Recovery is only necessary when the access key is no longer accessible on any device.

What happens if someone initiates recovery without my authorization?

You will receive daily emails and push notifications informing you that a recovery has been initiated. If it wasn't you, log into Picnic with your current access key and cancel the recovery immediately. You have 7 days to do this.
If you have questions or need help, contact support within the app or send an email to oi@usepicnic.com.

How to Protect Your Picnic Account

Keeping your account secure is simple when you know what to look out for. Here are the key points about security, phishing, and what Picnic can or cannot do.

Protect Your Access

At Picnic, login is done with email + verification code (OTP). Therefore:

- Use a strong and unique password for the email you use with Picnic.
- Enable two-factor authentication (2FA) on your email.
- Never share your Picnic verification code with anyone.
- Do not search for the Picnic website on search engines.

If someone accesses your email, they could try to access your Picnic account.

Beware of Phishing (Fake Links, Sites, and Messages)

Phishing scams try to steal your codes or trick you into sending money. Be suspicious if:

- The message is very urgent (“respond in 5 minutes or your account will be blocked”).
- Someone asks you to provide a verification code, card details, or documents via chat, call, or WhatsApp.
- The link looks strange or the site has a different address from the official one.
- They ask you to install remote access apps (AnyDesk, TeamViewer, etc.) to “assist with support.”
- They offer guaranteed returns, “exclusive investment,” or ask you to transfer everything to a “secure wallet.”

If in doubt, do not click. Access Picnic by typing the official address in your browser (www.usepicnic.com) or opening the app directly from the store.

What Picnic Can Do

Picnic can:

- Send emails with the @usepicnic.com domain (for example, to confirm login or notify you about something important).
- Ask you to confirm actions within the app or website (like accepting terms or reviewing data).
- Guide you through the platform chat or official channels if you have questions.
- Help you report fake sites.

What Picnic Never Does

Consider it a scam if someone, claiming to be from Picnic:

- Asks for your verification code, card PIN, or email password.
- Requests you to make a Pix transfer to “unlock account,” “increase limit,” or “join a special investment.”
- Asks you to install remote access apps to “assist with support.”
- Requests your full card number or CVV.

Picnic never needs this information to provide support.

What to Do If Something Seems Wrong

If you receive something suspicious or think you’ve been scammed:

1. Stop everything: do not click, do not respond, do not send codes.
2. Review your transactions; if something seems off, follow the steps in the security articles.
3. Contact support through the official channels and explain what happened.

When in doubt, treat it as a scam. It’s always better to confirm first than to fix later.

Lost Access to Login Email

What Should I Do First?

Before contacting Picnic, try to regain access to your email through the provider itself (Gmail, Outlook, iCloud, etc.). You usually find options like:

- “Forgot my password” or “Can't access my account”;
- recovery via phone, another email, or security questions;
- support from your email provider.

If you manage to recover this email, just return to Picnic and log in normally using the verification code that will arrive in your inbox.

Couldn't Recover My Email. Now What?

Picnic cannot change your email or “reset” access. As it is a self-custody wallet, no one but you has the keys to move your assets. Therefore, there are no means for recovery.

When You Can Still Recover Access

You can only regain access to your wallet if:

1. You manage to recover the email with the provider (Gmail, Outlook, etc.), even if temporarily; or
2. You have previously backed up by exporting the private key and using it in a compatible external wallet.

If you recover the email, take the opportunity to:

- access Picnic with the code sent to that email;
- securely back up the private key and set up an external wallet.

Summary

If you:

- cannot recover the email and
- have never exported the private key to an external wallet,

then there is no way to access or move the wallet. The assets remain on the blockchain, but without access to the email or the private key, transactions cannot be made.

Learn how to export the private key and set up an external wallet HERE.

How to Connect Your Ledger (or Other Hardware Wallet) to Picnic

Important: Picnic is optimized for email login. For advanced users, it is possible to create/log in with an external wallet in the browser. The app does not allow login with an external wallet, and the web experience with an external wallet may be more limited.

Before You Start

- Updated Ledger: use Ledger Live to update the firmware and the app for the network you intend to use.
- MetaMask or Rabby installed: browser extension ready to connect a hardware wallet.
- Security: never type your 24-word phrase on a computer/phone. Only sign what you understand.

Step-by-Step (Browser)

1. Prepare the Ledger

- Connect the Ledger via USB and unlock it.
- Open the network app on the Ledger (e.g., Gnosis Chain).

2. Connect the Ledger to MetaMask, Rabby, or another extension

- Open the extension.
- Choose “Connect hardware wallet” and select Ledger.
- Follow the instructions to choose the account (address) you will use on Picnic.

3. Log into Picnic (web)

- Access Picnic in the browser.
- If you want traditional login, use email.
- For external wallet, choose “Log in with wallet” and authorize in MetaMask/Rabby (linked to Ledger).
- Confirm signature requests when they appear.

4. Use Picnic as Usual

- With the account connected, follow the Help Center articles for deposits, transfers, buying ETH, etc.

Important: once the Picnic wallet is created with an external wallet, it cannot be accessed later through another method. If the external wallet is lost, the user will also lose access to the Picnic wallet.

If Something Doesn't Work

- Close and reopen the network app on the Ledger.
- Reconnect the Ledger, change the USB port/cable, and restart the browser.
- In MetaMask/Rabby, remove and reconnect the extension.
- Check if the selected network in the extension matches the network used on Picnic.
- Review the Help Center articles related to your flow (e.g., loading the card, buying GNO, using cashback).

How to Remove Your Account Data

⚠️ This article does not explain how to close your Picnic account. It explains how to remove (unlink) your personal KYC profile from an account so it can be used with another email. To permanently delete your account, see How to Permanently Delete Your Account.

If you just want to add your profile to another account, check out the article How to Add Personal Data to Another Account Correctly.

Step by Step

1. Access your account through the browser at usepicnic.com.
2. Go to Account settings and open the KYC Management tab.
3. Next to the account you want to unlink, click the red Remove button.
4. Confirm the action.

IMPORTANT: Once completed, the previous data is unlinked from the account and cannot be used again with another email. The account itself remains active.

What to Avoid

- Do not remove the data before adding the new data if you want to reuse Picnic.
- Do not remove the data to correct errors.

How to Correctly Add Personal Data to Another Account

Step by Step

1. Access your account through the browser.
2. Go to Account Settings.
3. Click on Add.
4. Enter the new email.
5. A confirmation code will be sent to the provided email.
6. Access your email, copy the code, and enter it in the confirmation field on Picnic.
7. Wait for confirmation that the new data has been successfully added.

Only after this, if you wish, you can remove the data from the old account.

Important

- If you skip the email confirmation step, the process will not be completed.
- Do not attempt to add the same data to another account (another email).
- The data cannot be reused automatically except through this method.

How to Permanently Delete Your Account

This action is irreversible. The data will be permanently lost and cannot be used again in another account.

What You Should Know Before Closing

Due to the nature of blockchain technology, it's important to understand how your data is handled:

- Personal Data: All your identification information and access to Picnic are deleted from our servers.
- Blockchain Address: Your digital wallet will continue to exist on the blockchain network. As it is a public and immutable infrastructure, it is not possible to delete an address from the network.
- Functionalities: If you try to log in again after deletion, the wallet will still exist, but your account will no longer have active functionalities, such as using Pix.

Before deleting:

1. Withdraw all assets (investments, balances, cryptocurrencies).
2. Cancel the physical card and remove it from digital wallets.
3. Confirm there are no pending transactions.

How to do it:

- In the app (iOS/Android) — this is the only way to close your account yourself: open the Settings menu and tap Delete account. Follow the steps to confirm (you must have no remaining balance and confirm by typing the displayed code and the account email).
- On the web (usepicnic.com): there is no account-closure button on the website. If you can't use the app, contact our support through the chat and our team will close the account for you.

⚠️ Important: the Account settings → KYC Management → Remove option on the web does NOT close your account. It only unlinks your KYC profile from an account so it can be reused on another one — the account stays active. To actually close your account, use the app or contact support.

How to Access Your Picnic Account

You can access your Picnic account via the app or the website. Here's how it works:

Choose Your Login Method

When logging in, you can choose from three options:

- Email (app and browser)
- Google (browser only)
- External Wallet (like MetaMask or Rabby - available only in the browser)

Security Verification

After choosing the method, complete the security verification displayed on the screen.

Pay Attention to the Method Used

Each login method creates a different wallet, with its own balance and history. Therefore, it's essential to:

- Remember which method you used the first time.
- Always use the same method to correctly view your balances and transactions.

How to Change Your Registered Email Directly

How it currently works

- It's not possible to change your email directly through the app.
- There is an option to transfer personal data and link to another email via the web version ("Manage Registrations" function).

What you can do

1. Access the web version of Picnic at usepicnic.com.
2. Go to Manage Registrations.
3. Follow the steps to share your data with a new Picnic account linked to another email.
4. Once your data is in the new account, you can click the Remove button to delete the first account.
5. Important: this process only transfers personal data for deposits and withdrawals. Assets need to be transferred manually by the user.

Practical summary

You cannot simply change the registered email. You need to create a new account and use the "Manage Registrations" function on the web version. This way, two Picnic accounts can use the same registration.

I can't access my account

99% of login issues are resolved with the steps below.

- Codes expire after a few minutes and cannot be reused.
- Use only the most recent code you received in your email.
- Avoid requesting multiple codes in a row; wait before trying again.

Stable internet, another browser tested, and app updated?

- Check if your connection is stable. Restart the modem if necessary.
- The Picnic page or app may be experiencing temporary technical issues (this does not affect the security of your funds, as they are on the blockchain). In such cases, try again later.
- Try accessing with another browser (Chrome, Firefox) to rule out cache failure.
- If you're on a mobile device, uninstall and reinstall the app.

Verification Code Not Working

Most common causes:

- Incorrect time
- Device time not synchronized with the official country time
- Active VPNs

How to resolve:

1. Synchronize the time with the official country time
2. Uninstall and reinstall the app
3. Request to resend the code directly in the app
4. Wait a few minutes and try again at a different time

Not Receiving the Verification Code via Email

Solutions that resolve 99.9% of cases:

1. Check your spam folder - Codes might end up in junk mail
2. Sync your device's time - The time must be correct and synchronized with the official time of your country
3. Look for a session approval email - There might be a message to approve the device
4. Click the green button twice to approve the device - If you find the approval email, click the green button, then click again on the new page that opens.
5. Try again: request the code again after 1 min. Try again after 3 hours.

Still not working?

Contact our support by sending:

- Device used
- Times of attempts
- Via browser or Picnic app
- Full CPF (Brazilian tax ID) used for registration

Our contact: oi@usepicnic.com

How to Access Your Wallet on Another Interface

For those who created their Picnic wallet via Email or Google, we've prepared a guide on how to perform a secure backup simply. Remember: those who have already created a Picnic wallet linked to an external wallet will not have a private key because the key is the same as the external wallet itself.

Who is this guide for?

- People who have funds on a blockchain not yet supported by Picnic.
- Those who sent an unsupported token and need to manage it.
- Those who want a “plan B” in case they lose access to the login email and/or if Picnic ceases to exist.

Very Important Precautions

Anyone who has access to your private key can move all your funds. Write it down on paper (or use a reliable password manager), keep it away from screenshots or notepads, and never share it via chat or email.

What you will need

- [Rabby Wallet Extension](https://rabby.io/) installed on Chrome, Brave, or Edge
- Paper and pen or an offline password manager
- 5 minutes of full attention — no rush!

Step by Step

1. Export the Private Key in Picnic

1. Click on your avatar (top right corner) → Security → Export Private Key.
2. Follow the flow and copy the key (starts with `0x` and has 64 characters).
3. Write it down on paper or paste it into the password manager immediately.

2. Copy Your Picnic Smart Wallet Address (Safe)

- Still in Picnic, go to **Deposit Crypto** and select an asset.
- Copy the address that appears below, which starts with `0x` and has **42 characters**.

> Tip: it is different from the private key; think of it as an “account number.”

3. Import the Private Key into Rabby

1. Open the Rabby extension → click on Import → Private Key.
2. Paste the private key copied in step 1.
3. Give it an easy name (“Picnic Account – Key”) and finish.

4. Add Your Picnic Safe to Rabby

1. In Rabby, go to your accounts section, click on Add New Address → Connect Institutional Wallet → Safe.
2. Paste the Safe address (42 characters) from step 2.
3. Name it “Picnic Safe.”

5. Test if Everything Worked

> Good practice: send a small test amount (e.g., $1 in ETH) to the Safe and try to move it via Rabby. Only then move larger amounts.

Quick Checklist:

- [ ] Private key imported?
- [ ] Safe added?
- [ ] Balance appears in the extension?
- [ ] Test transaction confirmed in the explorer?

Done! You can use the Picnic Smart Wallet in any compatible dApp and sleep better knowing you have a backup outside the platform.