The most important thing to realize at the start of your bitcoin journey is "not your keys, not your coins." This phrase, coined by Andreas Antonopoulos around a decade ago, means that if you are not in possession of your private keys, you do not have access to your bitcoin. You have an IOU and have to ask someone else for permission in order to use the bitcoin. "But what is a private key, and how do I know if I have it or not?" is a common question I have been asked by newcomers to bitcoin. Your private key is a number, a 256-bit integer, an unimaginably large number. So long as you have this number you can spend your bitcoin, and so long as nobody else has this number, nobody else can spend your bitcoin. This YouTube video by 3Blue1Brown explains just how big the number is and how unlikely it is that somebody could guess your private key. Computer wallets like Sparrow, phone wallets like Blue Wallet, and hardware wallets like ColdCard (etc.) specialize in managing private keys and keeping them reasonably safe.
A common concern I have heard from newcomers to bitcoin is that there's no way to keep the private key safe. They reason that maybe it is offline at the start, but in order to be useful it must be exposed at some point. I get some incredulous looks when I tell them that we never reveal the private key but we can prove we have it using digital signatures. Elliptic Curve Cryptography is a fascinating subject, and even the basics are far beyond the scope of this post. The important thing to know is that from a private key we can mathematically derive a public key. With our private key we can sign (think numbers and algebra, not handwriting) a message (think bitcoin transaction). Anybody who has the public key and the signature number can use basic math to prove that only the person with the private key could have produced the signature needed to spend some bitcoin. It's also important to note that there is no known way to gain any information about a private key with just a public key.
When we send a bitcoin transaction we don't actually send it to an address; in fact, the bitcoin blockchain has no concept of an address. What we are doing is locking the bitcoin to a script. An example of a simple locking script would be two items: "public_key check_signature". check_signature is an opcode that tells bitcoin software to check that a signature is valid for a given transaction (message) and public key. The bitcoin is sent, or locked, to this script, and the only thing that can unlock this script is a "signature" made by the private key corresponding to the public key. This is a simple example of part of what Bitcoin Core is checking when you hear the term "validating transactions". Scripts have evolved from this simple pay to public key example, which was used in the early days of bitcoin, to other more secure and useful script types like pay to public key hash (P2PKH), pay to script hash (P2SH), pay to witness pubkey hash (P2WPKH), pay to witness script hash (P2WSH) and pay to taproot (P2TR). There is a standard way for wallets to generate addresses for each script type, which makes sending bitcoin easier for users. P2PKH addresses start with a 1, P2SH with a 3, and P2WPKH, P2WSH and P2TR with bc1.
So to summarize, not your keys, not your coins. Use good wallet software/hardware to manage your private keys for you. If you lose your private keys you will not be able to produce the necessary digital signature needed to unlock your bitcoin. Similarly, if someone gains access to your private keys, they will have all the necessary information to unlock or spend your coins to scripts where they control the private keys.
Bonus: One private key maps to one public key, and from this public key one address of a given script type can be created. In the early bitcoin days, every time your wallet needed a new address a new private/public key pair was generated. This meant a new wallet backup had to be exported every time a new address was created. The goal of BIP (bitcoin improvement proposal) 32 was to solve this problem by creating a standard such that, with one master seed, many private/public key pairs could be derived. Users of a wallet implementing this could back up a master seed (and a derivation path) at the time of wallet creation and always be able to recalculate all the private/public key pairs needed to recreate and spend from the wallet in the future. HD wallets are the standard today, and BIP39 helps by mapping the master seed from a huge number to the seed phrase most of us are familiar with, making it much easier for us to read and write.