WalletChan ("the Extension") is a Firefox/Chrome browser extension that allows users to interact with decentralized applications (dApps) on EVM blockchains. This Privacy Policy explains how we handle your information.

=== Data Stored Locally on Your Device ===

The Extension stores the following data locally in your browser using the browser's storage APIs:

• Encrypted API Key: Your Bankr API key, encrypted with AES-256-GCM using a password you create. The password is never stored.
• Encrypted Private Keys / Seed Phrases: For users who import private key or seed phrase accounts, these secrets are encrypted with AES-256-GCM and a key derived from your password (PBKDF2, 600,000 iterations). Secrets are decrypted in memory only when needed for signing.
• Wallet Addresses: The blockchain addresses you configure or import.
• Network Configuration: Custom RPC endpoints and network settings.
• Transaction History: A record of your last 50 transactions (stored locally for your reference).
• User Preferences: Settings such as auto-lock timeout, selected theme, and display preferences.

All of this data remains on your device. We do not have access to it and cannot retrieve it.

=== Data Transmission ===

The Extension transmits data to the following external services:

• Bankr API (api.bankr.bot): Transaction details and API key — used to execute blockchain transactions for Bankr API accounts only.
• Blockchain RPC Endpoints: Standard Web3 RPC calls — used to read blockchain state (balances, contract data) and broadcast signed transactions.
• eth.sh API: Blockchain addresses — used to fetch human-readable labels for contract addresses.
• Google Favicons: Website domains — used to display website icons in the UI.

=== Data We Do NOT Collect ===

• Browsing history or website visits
• Personal information (name, email, etc.)
• Analytics or usage tracking data
• Keystrokes or form inputs outside the Extension
• Your password (only used to derive encryption keys, never stored or transmitted)

=== Data Retention ===

• Local Data: Stored until you clear it via the Extension settings or uninstall the Extension.
• Transaction History: Limited to the 50 most recent transactions; older entries are automatically removed.
• No Server Storage: We do not operate servers that store your data. All persistent data is stored locally on your device.

=== Data Deletion ===

You can delete your data at any time:

1. Clear Transaction History: Settings → Clear Transaction History
2. Reset Extension: Uninstall and reinstall to remove all stored data
3. Browser Data: Clear the browser's extension storage via browser settings

=== Security ===

• Secrets are encrypted using AES-256-GCM with PBKDF2 key derivation (600,000 iterations)
• Your password never leaves your device and is never stored
• The Extension auto-locks after a configurable timeout period
• All code is bundled at build time; no remote code is executed

=== Children's Privacy ===

The Extension is not intended for use by children under 13 years of age. We do not knowingly collect information from children.

=== Open Source ===

WalletChan is open source. The source code is available at:
https://github.com/apoorvlathey/walletchan

=== Contact ===

• Twitter/X: @apoorveth
• GitHub: open an issue at https://github.com/apoorvlathey/walletchan/issues