1) Summary (High Level)
- We do not sell your personal information.
- We do not collect your private keys or seed phrase (recovery phrase) and we will never ask for them outside of your wallet’s secure onboarding flow.
- Most wallet data is stored locally in your browser profile and is accessible only to you on your device, unless you choose to use a feature that requires network requests (e.g., querying balances via public RPC endpoints).
- Blockchain data is public by nature. Your wallet addresses, transactions, NFTs, and token holdings may be visible on public block explorers. We do not control public blockchain visibility.
2) Definitions
- Personal Information: Information that identifies, relates to, describes, or could reasonably be linked to you (e.g., email address, IP address in some contexts).
- Wallet Data: Public wallet addresses, transaction history, NFTs, token balances, and related blockchain metadata.
- Device Data: Browser/device information such as extension version, browser type, operating system, and diagnostic logs.
- RPC Provider: A blockchain node or service used to read blockchain data and broadcast transactions.
3) Information We Collect
A) Information You Provide
- Support Requests: If you contact support, we may collect your name (if provided), email address, and the contents of your message and attachments.
- Optional Feedback: If you submit feedback, bug reports, or feature requests, we collect the information you include.
B) Information Collected Automatically
- Device & Extension Data: Extension version, browser type, operating system, language, timestamps, and limited diagnostic information for reliability and security.
- Network Data (Limited): When the extension connects to blockchain infrastructure, your IP address and request metadata may be visible to your network provider and any RPC endpoint you use (as with any internet request).
C) Wallet & Blockchain Information
- Public Addresses: Wallet addresses you create or import may be stored locally to display your assets and activity.
- Transactions: Transaction data is fetched from the blockchain or third-party providers to display history and status.
- NFT/Token Metadata: NFT images/metadata may be loaded from decentralized storage (e.g., IPFS/Arweave) or standard web hosts, depending on the asset.
D) Sensitive Data (Seed Phrase / Private Keys)
- We do not collect or store your seed phrase or private keys on our servers.
- Keys and/or recovery phrases (if applicable) are handled and stored locally using browser storage and/or encrypted storage mechanisms.
- You are responsible for securing your device, password(s), and recovery phrase. If you lose your recovery phrase, we cannot restore it.
4) How We Use Information
- Provide the Services: Display wallet balances, NFTs, tokens, and enable transaction signing and broadcasting.
- Security: Detect, prevent, and address fraud, abuse, unauthorized access, and security incidents.
- Support: Respond to support requests and troubleshoot issues.
- Improve the Services: Fix bugs, optimize performance, and develop new features (using aggregated or de-identified information where feasible).
- Compliance: Comply with legal obligations and enforce our terms and policies.
5) Legal Bases (Where Applicable)
Depending on your location, we process information based on one or more legal bases, including: providing the Services (performance of a contract), our legitimate interests (security, reliability, improvement), your consent (where required for certain optional features), and compliance with legal obligations.
6) How We Share Information
We share information only as described below:
| Category | Who We Share With | Why | Examples |
|---|---|---|---|
| Blockchain requests | RPC providers / node operators | Fetch balances, submit transactions, read chain data | Public RPC endpoints or a user-configured endpoint |
| NFT metadata & media | Content hosts / decentralized storage gateways | Load NFT images and metadata | IPFS gateways, Arweave gateways, standard HTTPS hosts |
| Support communications | Email or ticketing providers (if used) | Respond to issues and requests | [Insert provider names if applicable] |
| Legal / safety | Authorities, regulators, or advisors | Comply with law; protect rights and safety | Responding to lawful requests |
We do not sell personal information and we do not share personal information for cross-context behavioral advertising.
7) Third-Party Services & Links
The Services may interact with third-party services such as block explorers, token/NFT metadata services, decentralized storage gateways, or DApps you choose to connect to. Your use of those third-party services is subject to their terms and privacy policies. We are not responsible for third-party privacy practices.
8) Cookies & Tracking
The NFTVault Wallet Chrome Extension itself generally does not use cookies in the traditional website sense. If we operate a companion website, it may use cookies for basic functionality, security, and analytics (if enabled). If analytics are used, we will describe the provider and your opt-out choices here: [Describe analytics/cookie usage or state “No analytics used.”]
9) Data Storage, Retention, and Deletion
A) Local Storage
- Wallet configuration and wallet addresses are stored locally within your browser profile.
- Encrypted key material (if applicable) is stored locally and protected by the security controls you enable (e.g., password/biometrics, OS login, etc.).
B) Server-Side Retention (If Any)
If NFTVault operates backend services (for example, a relay service, optional account features, or support systems), we retain information only as long as necessary to provide the Services, comply with law, resolve disputes, and enforce agreements.
C) How to Delete Data
- Extension removal: Uninstalling the extension typically removes extension-managed local data. Some browsers may preserve certain local data unless cleared.
- Clear data: You can clear site/extension storage in your browser settings to remove residual local data.
- Support records: To request deletion of support communications, contact us at [[email protected]].
10) Security
- We use reasonable administrative, technical, and physical safeguards designed to protect information.
- No method of transmission or storage is 100% secure. You use the Services at your own risk.
- Important: Never share your seed phrase or private keys with anyone. Beware of phishing and fake support requests.
11) Your Choices
- RPC Endpoint Choice: If the extension allows custom RPC endpoints, you can choose which provider your wallet uses.
- DApp Connections: You can choose whether to connect to third-party DApps and whether to approve requested permissions.
- Notifications: If the extension offers notifications, you can enable/disable them in browser settings and/or extension settings.
12) Privacy Rights (U.S. States, EEA/UK, and Other Regions)
A) EEA/UK (GDPR)
Depending on your jurisdiction, you may have rights to access, correct, delete, object to, or restrict processing of your Personal Information, and the right to data portability. You may also withdraw consent where we rely on consent. To exercise rights, contact us at [[email protected]].
B) California (CCPA/CPRA) and Other U.S. State Privacy Laws
You may have rights to know/access, delete, and correct certain personal information, and to opt out of certain sharing/targeted advertising where applicable. NFTVault does not sell personal information and does not share personal information for cross-context behavioral advertising.
- Request submission: Email [[email protected]] with the subject “Privacy Request.”
- Verification: We may need to verify your request (for example, by confirming control of an email thread you initiated).
- Authorized agents: If an authorized agent submits a request, we may require proof of authorization.
C) Appeals
If we deny your privacy request, you may have the right to appeal depending on your jurisdiction. Contact us to initiate an appeal.
13) Children’s Privacy
The Services are not directed to children under 13 (or the age defined by applicable law). We do not knowingly collect personal information from children. If you believe a child has provided personal information to us, contact us and we will take appropriate steps to delete it.
14) International Transfers
If you access the Services from outside the United States, your information may be processed in the United States or other jurisdictions where our service providers operate. We take steps intended to ensure an adequate level of protection where required by law.
15) Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will update the “Last Updated” date and, where appropriate, provide additional notice within the extension or on our website.
16) Chrome Extension Permissions & Data Use (Transparency)
NFTVault may request certain Chrome extension permissions to function. We use permissions only to provide wallet functionality and security.
- Storage: Used to store wallet settings and encrypted local data.
- Host permissions (website access): Used to interact with DApps you choose, and to connect to RPC endpoints and metadata hosts.
- Notifications (if enabled): Used to display user-initiated or security-related notifications.
- Clipboard (if enabled): Used to copy addresses/transaction IDs at your request.
Note: Specific permissions vary by version. You can review and manage permissions in Chrome’s extension settings.
17) Contact Us
If you have questions or requests regarding privacy, contact:
- Email: [[email protected]]
- Publisher: [Legal Entity / Individual Name]
- Address: [Optional]
Important Reminder: NFTVault Wallet cannot recover your seed phrase or private keys. Keep your recovery phrase secure and never share it.