Private keys stay with the owner
The Owner App generates or imports the wallet seed locally, encrypts the vault locally, derives public addresses locally, and signs collect transactions locally. Core only receives public addresses and signed raw transactions.
Core as source of truth
Core manages users, API keys, assignments, balances, collect requests, webhook delivery, and scanner coordination. It does not broadcast from private keys and does not derive wallet addresses from a seed.
Scanner isolation
Scanner services monitor network activity, maintain watchlists, quote network fees, broadcast already-signed collect transactions, and report events back to Core using internal authentication.
Collect safety
Collect build responses include unsigned transaction details. Before broadcast, scanners verify signed transactions against the expected sender, receiver, value, nonce, chain ID, and gas fields.
Webhook reliability
Developer webhooks are separated from scanner-to-core events. Core can retry delivery without exposing provider details or private wallet data.