Demos Wallet – Privacy Policy

Browser Extension · Non-Custodial Crypto Wallet

Effective: June 2025 · Version 1.0
Demos Wallet is built on a single principle: your keys, your data, your control. This policy explains exactly what information the extension stores, how it is protected, and what we will never do with it. We do not collect personal data, we do not run remote servers that receive your keys, and we do not monetise your usage.

1. What Demos Wallet Is

Demos Wallet is a non-custodial browser extension that lets you create, import, and manage crypto wallets, connect to decentralised applications (dApps), and approve blockchain transactions — all without entrusting your private keys to any third party, including us.

Because Demos Wallet is non-custodial, we never hold, see, or have access to your private keys or seed phrases at any point.

2. Data Stored Locally on Your Device

All data is saved exclusively in your browser's local storage. Nothing is uploaded to external servers. The following data may be stored:

Encrypted private keys
Network preferences
Address book entries
Pending transaction metadata
UI settings (e.g. dark mode)

Encryption guarantee: Private keys are encrypted on your device before being written to storage. The decrypted key exists only in memory while your session is active and is never written to disk in plaintext.

3. Data We Do Not Collect

We are explicit about what we don't do:

No Tracking

We do not track your browsing activity, visited sites, or dApp usage.

No Analytics

No telemetry, crash reports, or usage analytics are sent to our servers.

No Personal Data

We do not collect names, email addresses, IP addresses, or any personally identifiable information.

No Key Transmission

Cryptographic keys never leave your device without an explicit action initiated by you (e.g. signing a transaction).

4. Browser Permissions Explained

Demos Wallet requests only the minimum permissions required for it to function. Here is what each permission does and why it is necessary:

Alarms

Used exclusively to manage the lifecycle of your active session inside the background service worker. The decrypted private key lives only in the service worker's memory, and the browser may terminate the service worker at any time, which would force you to re-enter your password constantly. The alarms permission schedules lightweight wake-ups that keep your session alive while you are actively using the extension.

This permission does not access web page content, does not collect browsing data, and is not used for tracking of any kind.

Content Scripts (dApp Provider Injection)

A wallet provider bridge is injected on pages where you explicitly connect your wallet. This enables dApps to request connections and prompt you for transaction or signature approvals. The script does not scrape page content, does not modify the site's UI beyond the required provider interface, and exposes only the wallet functions you explicitly approve.

5. Remote Data Fetching

To display up-to-date balances, token prices, and transaction statuses, the extension may fetch data from external endpoints, over HTTPS only. These responses are always parsed as data and are never executed as code.

No remote code execution: All executable logic is bundled with the extension at install time. We do not use eval(), dynamic <script> injection, or any other mechanism to load and run code from external hosts. A strict Content Security Policy enforces this at the browser level.

6. Security Practices

On-Device Encryption

Keys are encrypted using strong cryptography before being written to browser storage. Only your password unlocks them.

Memory-Only Sessions

Decrypted keys exist only in the service worker's memory during an active session. They are wiped when the session ends.

Content Security Policy

A strict CSP prevents any external script from being loaded or executed within the extension context.

Minimal Permissions

Only permissions strictly required for core wallet functionality are requested. No broad host permissions or unnecessary APIs.

7. Third Parties & Data Sharing

We do not sell, rent, or share your data with any third party. Blockchain networks you interact with are public by nature — transactions you broadcast are visible on-chain, as is standard for all blockchain activity. This is inherent to how public blockchains work and is not a disclosure by Demos Wallet.

Any RPC providers or price data APIs used to fetch blockchain information receive only standard network request metadata (e.g. your IP address as part of the HTTP request). We have no control over how those providers handle such requests and recommend reviewing their individual privacy policies.

8. Your Rights & Control

Because all data is stored locally on your device, you are in full control at all times:

Delete wallet data by uninstalling the extension
Clear local storage from your browser settings
Export your seed phrase to migrate at any time
Revoke dApp connections from within the extension

9. Changes to This Policy

If we update this Privacy Policy, the new version will be published at the same URL with a revised effective date. Significant changes will be communicated via the extension's update notes in the Chrome Web Store. Continued use of the extension after an update constitutes acceptance of the revised policy.

10. Contact

If you have questions or concerns about this Privacy Policy or how Demos Wallet handles data, please open an issue on our official repository or contact us through the support channel listed in the Chrome Web Store listing.