Layer 1: All interactions are done by Metamask and a Cold Wallet interaction (e.g you would only be able to Whitelist (approved Investors and Mint FIAT transactions) in batches e.g once a day, once a week, once a month (super secure)

Layer 2: All interactions are done from your Backend Server only (we would provide you with the necessary Code Snippets to interact with the Smart Contract via your Backend Server and Infura.io Node (ours or yours, to be decided from a Compliance perspective) (less secure)

Layer 3: You will just implement the API calls you need in your own Frontend (Private key is disclosed inside the API call) (least secure, but most convenient)