Ballet’s manufacturing process has been carefully designed so that neither the company nor any employee is able to access the private key of a Ballet product. A private key is what allows the funds stored on a product to be spent. Actual private keys can only be generated by the end customer, who has physical possession of the product, by using the two private key components on the product itself.
It is important to point out that during the whole manufacturing process, the actual private key has never been created or generated. The end customer will become the first person to generate the actual private keys once he/she decodes the private key via BIP38 protocol.