Privacy Policy
Overview
KaToT's Wallet is a Chrome browser extension that provides a local wallet interface for the WAX blockchain. We are fully committed to your privacy. This policy explains exactly what data the extension accesses, where it is stored, and how it is used.
Data We Collect
We collect no personal data whatsoever. KaToT's Wallet does not send any information to external servers we operate. There are no analytics scripts, no telemetry, no usage tracking, and no crash reporting services embedded in this extension.
Data Stored Locally on Your Device
The extension stores the following data exclusively in Chrome's local extension storage (chrome.storage.local) on your device. This data never leaves your browser except as described under "Network Requests" below.
- WAX account names and associated private keys you choose to add
- Account permissions and optional description tags
- Extension settings (selected wallet type, RPC endpoint, Hyperion endpoint)
- CPU Payer account name, permission level, and private key (if configured)
- Transaction whitelist rules (contract::action pairs per origin)
- An optional master password hash for session locking
All stored data remains on your local device and is governed by Chrome's built-in extension storage security model.
Network Requests
Network requests are made solely for the following purposes, entirely at the user's explicit request:
- Balance fetching: Requests are sent to public WAX Hyperion API endpoints to retrieve token balances for accounts you have added. The only data sent is the WAX account name.
- Transaction broadcasting: When you sign and approve a transaction, the signed transaction is broadcast to the WAX RPC node you have configured. Private keys are never transmitted — signing is performed entirely in-browser.
You choose which RPC and Hyperion endpoints the extension connects to. The extension ships with public preset endpoints (Greymass, AlohaEOS, EOS Amsterdam, Pink.gg, and others) but you may change these to any endpoint of your choice at any time.
Backup Files
The extension includes an optional encrypted backup feature. If you use it, all account and settings data is exported to a .waxbak file saved directly to your local device. This file is encrypted using AES-256-GCM with a password you provide. We never receive, process, or store this file. It exists solely on your device.
Permissions Requested
The extension requests only the Chrome permissions necessary to function:
| Permission | Why it is needed |
|---|---|
storage |
To save your accounts, keys and settings locally in Chrome's extension storage |
tabs |
To open the transaction approval popup window when a dApp requests signing |
scripting / content scripts |
To inject the wallet provider API (window.wax, window.wombat, etc.) into WAX dApp pages so they can communicate with the extension |
Third-Party Services
When you fetch token balances or broadcast transactions, the extension communicates with public WAX blockchain infrastructure (RPC nodes and Hyperion endpoints). These are independent, publicly operated blockchain services. We do not operate these nodes and have no control over their individual privacy practices. You can review which endpoints are in use and change them at any time from the extension's Network settings tab.
Data Sharing & Monetization
We do not sell, trade, rent, or otherwise monetize any user data. No data is shared with advertisers, data brokers, or any third parties.
Children's Privacy
This extension is not directed at children under the age of 13. We do not knowingly collect any information from children.
Changes to This Policy
If this privacy policy changes, the updated version will be published at this URL with a revised "Last updated" date. Continued use of the extension after any change constitutes acceptance of the updated policy.
Contact
If you have any questions about this privacy policy, please contact us at: [email protected]