[benburkert]

No, they stay on the client, our service only has access to the CSR. From our docs:

> The CSR relayed through Anchor does not contain secret information. Anchor never sees the private key material for your certificates.