Privacy Policy

Effective: May 4, 2026

Summary. Bitleo Wallet is a self-custodial wallet for the Canton Network. Your master password and private keys are generated and stored only on your device, encrypted at rest. We cannot access them and cannot recover them. The wallet runs in two modes: self-hosted (we process nothing) and Bitleo-hosted (we process the minimum data described below).

On-device data

Master password validator (never the password itself)
Encrypted private keys, OAuth tokens, session tokens
Party configuration and cached balances

Removed when you uninstall the extension.

Self-hosted mode

Wallet operations occur directly between your browser and your own systems. Bitleo receives nothing.

Bitleo-hosted mode

If you create a hosted wallet with a referral code, we process:

Data	Purpose
Referral code	Verify invitation
Username	Identify your account
Public key	Allocate your Canton party
Activity events	Operate Bitleo Points

We do not collect emails, names, addresses, phone numbers, payment data, browsing history, location, or product analytics. You can switch to self-hosted or stop using Bitleo at any time; your keys stay on your device.

Bitleo Points

We count events tied to your hosted account: account creation, transfer preapproval activation, merging of delegated holdings, and transactions you submit (with a daily cap). We process event count and type only — not recipients, amounts, or contents beyond what's needed to count the event.

Points are tied to your hosted account and are deleted if you delete the account. We do not publish leaderboards or share points data.

Waitlist (bitleo.cc)

If you submit the form, we collect name, company (optional), and email. Submissions are processed by Web3Forms (US) and protected by Google reCAPTCHA. To be removed, email privacy@bitleo.cc.

Canton Network disclosure

By protocol design, your Canton party identifier, public key, and the contract state you are party to are visible to other participants on the network. This is a property of Canton, not a Bitleo choice.

Chrome permissions

Permission	Purpose
`storage`	Persist encrypted credentials locally
`identity`	OAuth sign-in (self-hosted mode)
`alarms`	Schedule background token refresh
`tabs`	Open OAuth and onboarding flows. We do not read tab content.
Host access	Connect to URLs you configure. Granted per origin via Chrome consent prompt.

Your rights

Email privacy@bitleo.cc to access, correct, delete, port, or restrict your data, or to withdraw consent. We respond within 30 days. You may also lodge a complaint with your local data protection authority.

Retention

Hosted account and points data: while active; deleted within 30 days of a deletion request
Waitlist email: until you request removal
On-device data: until you uninstall

Security

Master password processed only on your device
Data encrypted at rest with AES-256-GCM (key derived via PBKDF2)
HTTPS for all network traffic
No remote code loading; assets bundled with the build

Children

Bitleo is not directed at users under 16 and we do not knowingly collect their data.

Changes

We will update this page when practices change and update the effective date above.

Contact

privacy@bitleo.cc