Your auditor surface area
Every signal you publish or share gives auditors more visibility into your shielded activity — and you control each independently. Nothing here is set by default; you opt into each layer when you want it.
SNS subdomain registered
Not setSenders can resolve a memorable name (e.g. alice.utxopia.sol) to your stealth address. Without this, only people who copy-paste your `utxo:` string can pay you.
Auditor-disclosable bit
OffPublic signal on your SNS record that you're OK receiving outgoing audit memos. Senders see an 'auditor-disclosable' chip when they enter your name.
Designated auditor pubkey
Not setOptional 32-byte Solana pubkey on your SNS record, telling senders who you've granted read-only access to. Just a hint — the actual viewing key share is still out-of-band.
Delegated view keys issued
None issuedEncrypted, slot-scoped viewing keys you've handed to specific auditors. Each one lets the recipient scan your IN (+ OUT, once sender memos populate) records over the chosen slot range — never spend.
Next step
Register an SNS subdomain first — every other signal hangs off it. Head to Settings.
What auditors with your viewing key still can't see
- Your spending key — they read but never sign on your behalf.
- Your funds — issuing a viewing key doesn't move anything.
- Outgoing flows from before sender-memos shipped, or transfers with sender memos disabled (NEXT_PUBLIC_DISABLE_SENDER_MEMOS=1).
- Activity outside the slot range you scoped the delegation to.