Console privacy
userOwner isolation: only the signed-in owner's data, no cross-wallet view, what is stored (address plus run and event metadata and receipt references), and no credentials ever.
The Console is owner-isolated by design. Every personal surface — Today, activity, and any prepared run — is scoped to the signed-in owner’s wallet address. There is no cross-wallet view, and no endpoint returns another owner’s data.
Owner isolation
- Wallet-owned detail is served only for the authenticated owner. Disconnected, the surfaces degrade to the public view.
GET /api/console/activitywith no owner returns empty lists andconnected: false— never a fallback to someone else’s history. See activity & receipts.- Runs and events are read back only for the address that created them.
What is stored
- Your wallet address as the owner scope, from the signed session.
- Run and event metadata — the plan hash, action type, resolved canonical fields, lifecycle state, and timestamps for the runs you prepare.
- Receipt references — pointers to your canonical HISS receipts, not a separate authoritative copy. See receipts.
When the datastore is unavailable the Console degrades honestly: it labels persistence as incomplete rather than presenting a partial history as complete. Connecting a wallet to HISS is not a Robinhood connection and authorizes no trading.