🔒 Your token and keys never leave your browser. All operations run client-side via the Web Crypto API.