Privacy Policy — Chrome Extension

Effective Date: April 19, 2026

In short: The Bitleo Wallet Chrome extension is self-hosted. You connect it to your own Canton node and your own identity provider. Bitleo does not run any servers for the extension, collects no data, and has no tracking or analytics.

1. Introduction

This Privacy Policy describes how Bitleo ("we", "us", "our") handles information in connection with the Bitleo Wallet Chrome Extension ("the Extension"). We are committed to protecting your privacy and being transparent about our practices.

By installing and using the Extension, you agree to the practices described in this policy.

2. Information We Do Not Collect

The Extension is a client-side application. We do not operate analytics, tracking, or telemetry services. Specifically, we do not collect:

Personal information (name, email, phone number)
Wallet balances, transaction history, or party IDs
Node connection URLs or configuration details
Browsing history or browsing activity
IP addresses or geolocation data
Device fingerprints or hardware identifiers
Analytics, usage metrics, or telemetry

3. Data Stored Locally on Your Device

The Extension stores data exclusively in your browser's local storage (chrome.storage.local and chrome.storage.session). This data never leaves your device unless you explicitly initiate a connection to your Canton node or identity provider.

Data	Storage	Purpose
Master password validator	Local (encrypted)	Verify your password to unlock the wallet
Party configurations	Local	Store your Canton node connection details
Signing keys	Local (AES-256-GCM encrypted)	Sign transactions on your device
OAuth / OIDC tokens	Local (AES-256-GCM encrypted)	Authenticate with your Canton node
Cached balances and transactions	Local	Display wallet data without repeated network requests
Connected DApp origins	Local	Track which websites you have authorized
Wallet settings	Local	Persist your preferences (auto-lock timer, etc.)

Encryption

Sensitive data (signing keys, OAuth tokens) is encrypted at rest using AES-256-GCM with keys derived from your master password via PBKDF2 (1,000,000 iterations, SHA-256). The master password itself is never stored — only a cryptographic validator is kept to verify your input.

4. Network Connections

The Extension makes network requests only when you explicitly configure and connect to external services:

Canton Node (User-Configured)

When you add a party and connect, the Extension communicates directly with the Canton Ledger API and Validator API at the URLs you provide. These connections are used to fetch balances, submit transactions, and subscribe to real-time updates via WebSocket. We do not proxy, intercept, or log these connections.

Identity Provider (User-Configured)

The Extension uses the OpenID Connect (OIDC) protocol to authenticate with your Keycloak or other OIDC-compatible identity provider. The OAuth flow uses PKCE (Proof Key for Code Exchange) for security. Tokens are stored encrypted on your device and refreshed automatically.

All fonts are bundled locally with the Extension. The Extension does not load any third-party assets (fonts, scripts, trackers) at runtime.

5. DApp Integration

The Extension injects a content script into web pages to provide the window.canton API (CIP-0103 standard), allowing decentralized applications (DApps) to interact with your wallet.

DApps must explicitly request a connection, and you must approve each request
Transaction requests from DApps require your explicit approval before execution
You can disconnect any DApp at any time from the DApps tab
The content script does not read, collect, or transmit any page content — it only relays approved messages between the page and the Extension

6. Permissions

The Extension requests the following Chrome permissions:

Permission	Reason
`storage`	Store encrypted credentials, party configs, and wallet settings locally
`identity`	Facilitate the OAuth / OIDC authentication flow with your identity provider
`alarms`	Schedule automatic token refresh to maintain your authenticated session
Host access (on demand)	Connect to the Canton node and identity provider URLs you configure. Requested per-domain when you add a party

7. Third-Party Services

The Extension does not integrate with any third-party analytics, advertising, or tracking services. The only third-party connections are those you explicitly configure (your Canton node, your identity provider).

8. Data Retention and Deletion

All Extension data is stored locally on your device. You can delete it at any time by:

Uninstalling the Extension (removes all stored data)
Clearing site data for the Extension in Chrome settings
Deleting individual parties from the wallet settings

We do not retain any data on our servers because we do not collect any data through the Extension.

9. Children's Privacy

The Extension is not directed at children under 13. We do not knowingly collect information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected by updating the "Effective Date" at the top of this page. Continued use of the Extension after changes constitutes acceptance of the updated policy.

11. Contact

If you have questions about this Privacy Policy or the Extension's data practices, contact us at:

privacy@bitleo.cc