How your key is handled
Where it lives
It is held in server memory from the moment you log in. It is never written to disk, never stored in a database, and never appears in any log file.
What it does
The only operation performed with your key is signing outgoing API requests to Kalshi using RSA-PSS. It is never sent to any third party.
When it's gone
The key is erased the moment you sign out. It is also gone if the server restarts for any reason. There is no recovery path because nothing is ever persisted.
The relevant server-side code, in full: