Wire Wallet — Privacy Policy
Last updated: 2026-05-06
Wire Wallet (“the wallet”) is a non-custodial wallet for the Wirefluid EVM network. It ships in two forms: a web app served from this site, and a browser extension. This policy covers both. Where behavior differs between the two, the difference is called out.
1. Summary
- The wallet does not have a backend server.
- The wallet never transmits your seed phrase, private keys, or password anywhere.
- The only network requests the wallet makes are JSON-RPC calls to the EVM node you select.
- There are no analytics, telemetry, advertising SDKs, or third-party trackers.
2. Data the wallet stores locally
All data below is stored only on your device. The web app uses IndexedDB via Dexie; the extension uses chrome.storage.local. Nothing under this section leaves your device.
| Data | Purpose | Encryption |
|---|---|---|
| Encrypted vault (mnemonic + private keys) | Sign transactions and messages | AES-256-GCM, key derived from your password via PBKDF2-SHA512 (600,000 iterations) |
| Wallet password | Derives the encryption key | Held in browser memory only while unlocked; auto-locked after 15 minutes of inactivity. Never persisted in plaintext. |
| Selected address, active chain, custom chains | UI preferences | Plaintext (non-sensitive) |
| Transaction history cache | Display in the activity tab | Plaintext (already public on-chain) |
| Notification log | Display in the bell dropdown | Plaintext |
| Sign-history log | Audit trail for messages / typed-data signed for dApps | Plaintext |
| Connected dApp origins (extension only) | Per-origin account access list | Plaintext |
| Pending approval queue (extension only) | dApp requests awaiting user decision | Plaintext, ephemeral |
3. Data the wallet transmits
The wallet makes JSON-RPC requests to the EVM node URL configured in the active chain (default: https://evm.wirefluid.com). The request payload contains:
- public read methods: block number, balance, transaction receipts, etc.
- broadcast methods: signed transaction bytes (
eth_sendRawTransaction).
The RPC endpoint operator can see your IP address and the wallet addresses you query — this is unavoidable for any wallet that talks to a public node. To minimise this, run your own node and set its URL as a custom RPC.
4. Data the wallet does NOT collect or transmit
- It does not collect names, emails, phone numbers, or any other personally identifying information.
- It does not read or transmit the content of any web page you visit.
- It does not track your browsing history.
- It does not include analytics, telemetry, advertising SDKs, or third-party tracking pixels.
5. dApp interaction (extension)
When you connect to a dApp, the extension shares only the public wallet address(es) you approve, scoped to that origin. Each signature, transaction, and chain switch requires explicit approval in the popup. You can revoke any connection at any time via Settings → Connected Sites.
6. Permissions (extension)
The extension requests storage, tabs, activeTab, scripting, alarms, notifications, and host_permissions: <all_urls>. Each is used only for wallet functionality (encrypted storage, dApp provider injection, OS notifications for incoming receives, periodic background sync). A per-permission justification is published in the Chrome Web Store listing.
7. Third parties
The wallet does not share data with third parties, does not sell user data, and does not use it for advertising or credit decisions.
The wallet UI loads the Manrope typeface from Google Fonts. This causes Google to receive your IP address as part of the standard HTTP request for the font file. No identifying data is sent.
8. Security
- Vault encryption: AES-256-GCM with PBKDF2-SHA512 (600,000 iterations) password derivation.
- Cryptographic primitives: audited zero-dependency libraries —
@noble/hashes,@noble/curves,@scure/bip32,@scure/bip39, Web Crypto for AES-GCM. - Private keys live in memory only during a signing operation and are wiped immediately after.
- Auto-lock after 15 minutes of inactivity by default.
9. Removal and recovery
Uninstalling the extension or clearing browser site data for the web app removes all locally stored data. Before doing so, export your seed phrase via Settings, otherwise you will lose access to your funds. The same seed phrase recovers your wallet from any compatible wallet client.
10. Changes to this policy
We will post any changes to this page and update the “Last updated” date at the top.
11. Contact
For privacy questions, security disclosures, or removal requests, contact us via the support channel listed on the Wire Wallet listing in the Chrome Web Store, or open an issue in the project repository.