Last Updated: March 2026
1. DATA WE COLLECT
Email (via Google/Apple OAuth), public wallet addresses, vault metadata, anonymous usage analytics.
2. DATA WE NEVER COLLECT
Private keys, seed phrases, wallet passwords, encryption keys. These exist ONLY on your device.
3. ENCRYPTION
Keys encrypted with AES-256-GCM (Web Crypto API, PBKDF2 600K iterations). Encrypted blob on your device only.
4. STORAGE
Metadata in Supabase, encrypted at rest and in transit (TLS).
5. THIRD PARTIES
Supabase, Google OAuth, Apple Sign-In, Alchemy RPC, CoinGecko price API.
6. SECURITY
HTTPS, CSP headers, HSTS, XSS/CSRF protection, rate limiting, input validation.