Plaintext of any query — address, mnemonic, or private key — is never stored on KeyAudit servers. All input is hashed client-side using WebCrypto SHA-256 via SubtleCrypto.digest() before the HTTP request is sent; only the resulting hash is transmitted.

For rate-limiting and deduplication, the hash is retained briefly in server memory. No plaintext fields appear in production logs, error reports, or persistent storage. The seeder input is discarded immediately after hashing — there is no plaintext logging at any layer.