Privacy Policy
Effective date: May 2026 — version 0.1.0
Short version
Heldby collects nothing. Your keys, addresses, balances, and transaction history never leave your device. There is no analytics, no telemetry, no crash reporting, and no server that knows you exist.
What we collect
Heldby does not collect, transmit, or store any personal data on external servers. All wallet data lives exclusively in chrome.storage.local on your device, encrypted at rest, and is never transmitted to any Heldby-controlled server.
Data stored on your device
The following is stored locally in your browser, encrypted with AES-256-GCM using a key derived from your PIN via PBKDF2. Uninstalling the extension deletes all of it permanently — there is no cloud backup.
Third-party services
Heldby communicates with two external services to function. All requests are routed through a Cloudflare Worker privacy proxy — neither service ever sees your IP address. API keys are stored as server-side secrets and are not bundled in the extension.
Routed through privacy proxy — your IP is never exposed
Routed through privacy proxy — your IP is never exposed
Analytics and tracking
Heldby contains no analytics SDK, crash reporting library, error tracking service, or usage metrics collection of any kind. We do not know how many users have installed the extension, how often it is opened, or which features are used.
Children
Heldby is not directed at users under 13 years of age. We do not knowingly collect information from children.
Changes to this policy
Material changes will be published with a new effective date. Previous versions are preserved in the public git history. Continued use of Heldby after a policy update constitutes acceptance of the revised terms.
Contact
Questions about this policy? Email us at security@heldby.io.
Contact us