Cairn Wallet — Privacy Policy

Cairn Wallet is a non-custodial browser wallet for the Compute Substrate (CSD) network. The short version: the extension does not collect, transmit, sell, or share your personal data, and your keys never leave your device.

What the extension stores on your device

The following is stored only in your browser's local extension storage, on your own device:

• Your encrypted vault: your recovery phrase and private keys, sealed with AES-256-GCM using a key derived from your password (PBKDF2-SHA256, 600,000 iterations). The decrypted phrase and keys exist only in memory while the wallet is unlocked, and are cleared on lock and by a 15-minute idle auto-lock.
• Your public account list (addresses and labels), so the wallet can show your accounts.
• Your local transaction history and sealed-claim records, kept per address.
• Your settings (the node RPC and Cairn API endpoints you choose).

None of this is transmitted to us or to any third party. The extension contains no analytics, telemetry, or tracking.

What the extension sends, and to whom

To work as a wallet, the extension communicates only with the blockchain node and API endpoints you configure. By default these are the public Compute Substrate node proxy and the Cairn API at cairn-substrate.com; you can point them at your own node in Settings.

• It reads public chain data (your balance, unspent outputs, proposals) from the node.
• It submits transactions you explicitly approve to the node's /tx/submit endpoint.
• For "Sign in with CSD", it signs a server-provided random nonce locally and sends only the signature to prove control of your address. No password and no key are sent.

Transactions and addresses submitted to a blockchain are inherently public on that network. That is a property of the blockchain, not data collection by this extension.

What the extension does not do

• It does not collect personally identifiable information.
• It does not transmit your private key, recovery phrase, or password anywhere.
• It does not sell or transfer any user data to third parties.
• It does not use any data for advertising, profiling, or creditworthiness.
• It does not include analytics, trackers, or remotely hosted code.

Permissions

• storage: to save your encrypted vault, account list, history, and settings on your device.
• alarms: to run the 15-minute idle auto-lock and to retry registering a post's off-chain content after its transaction is mined.
• Host access to your configured node and API (cairn-substrate.com by default, plus a local node at 127.0.0.1:8790 if you run one; any custom host is requested only when you set it in Settings): to read chain data and submit the transactions you approve.

Data retention and deletion

All data lives on your device. Use Reset in the wallet, or remove the extension, to delete it. We hold no copy and cannot recover a lost password or recovery phrase.

Contact

Questions or security reports: inversealtruism@gmail.com.