Trust
Privacy Policy
Summary: KrayWallet is self-custodial. Your seed phrase and private keys are generated on your device, encrypted with your password, and never leave your device. We do not collect, store, sell, or share personal data. No analytics, no trackers, no accounts.
1. What we do NOT collect
- No seed phrases, private keys, or passwords — encrypted locally and never transmitted.
- No personal information (name, email, intentional IP logging, device fingerprinting for ads).
- No analytics, telemetry, or usage tracking of any kind.
- No browsing history. The extension content script only exposes
window.krayWallet— it does not read page content.
2. What is stored locally
- Extension: encrypted wallet in
chrome.storage.local; preferences and cached public data for performance. - PWA: encrypted vault in browser
localStorage(or secure storage on native builds).
Removing the extension or clearing site data deletes the local vault. Funds remain on Bitcoin and can be restored from your seed phrase.
3. Network requests
To show balances and broadcast transactions you initiate, the wallet queries public Bitcoin infrastructure and Kray services:
- kray.space — L2 balances, marketplace, bridge, and APIs you use.
- mempool.space / blockstream.info — UTXOs, fees, broadcast.
- ordinals.com — inscription and rune metadata.
Requests contain public blockchain data (addresses, transactions you choose to broadcast). We do not attach identity to them.
4. Transaction signing
All signing happens locally. Only the final signed transaction or message — public once broadcast or submitted — leaves the device. Website signature requests require your explicit approval in the extension.
5. Extension permissions
storage— save encrypted wallet locally.activeTab/tabs— open explorers and connect to the active site.alarms— auto-lock after inactivity.- Host permissions — blockchain and Kray endpoints only.
6. Open source & contact
Source: github.com/tomkray/kraywallet-extension. Questions: Contact.