Privacy Policy

Last Updated: February 8, 2026

1. Introduction

Untaxed Wallet ("the Extension") is committed to protecting your privacy. This Privacy Policy explains how we handle data when you use the Extension.

TL;DR: We don't collect, store, or transmit any personal data. Everything runs locally in your browser.

2. Data We Do NOT Collect

The Extension does not collect, store, or transmit:

• Personal information (name, email, address, etc.)
• Analytics or usage data
• IP addresses or device identifiers
• Browser fingerprints or tracking cookies
• Wallet addresses or transaction history (outside your local browser)
• Private keys or seed phrases (these never leave your device)

3. Local Data Storage

The Extension stores data locally in your browser using Chrome's chrome.storage.local API. This data includes:

Encrypted Wallet Data

• Encrypted private keys — AES-256 encrypted with your password
• Wallet metadata — wallet names, IDs, and public addresses
• Active wallet selection — which wallet is currently active

Trading Data

• Transaction history — records of your trades (buy/sell/send)
• Position tracking — bought/sold SOL amounts per token
• Settings — quick buy amounts, RPC URL, slippage preferences

Temporary State

• Current token — the last detected token address (cleared when service worker restarts)
• Decrypted keys — held in memory only while wallet is unlocked

All this data is stored locally on your device and is never transmitted to us or any third party.

4. Third-Party API Requests

The Extension makes API requests to third-party services for functionality. These requests may include your public wallet address or token contract addresses, but never your private keys.

Jupiter Ultra API (api.jup.ag)

• Used for: Swap routing and execution
• Data sent: Token mints, amounts, taker address, API key
• Purpose: Obtain swap transactions and execute trades
• Privacy policy: jup.ag

Helius DAS API (rpc.helius.xyz)

• Used for: Token metadata and wallet holdings
• Data sent: Token mint addresses, wallet public addresses
• Purpose: Fetch token names, symbols, logos, and balances
• Privacy policy: helius.dev

Solana RPC Nodes

• Used for: Blockchain queries and transaction submission
• Data sent: Public addresses, signed transactions
• Purpose: Check balances, submit transactions, confirm status
• Note: You can configure a custom RPC endpoint in settings

We have no control over and are not responsible for the privacy practices of these third-party services. Please review their respective privacy policies.

5. Data Security

While we don't transmit your data, we take local security seriously:

• AES-256 encryption for all private keys using password-derived keys (PBKDF2)
• Content Security Policy to prevent XSS attacks
• Sandboxed execution via Chrome's extension security model
• No inline scripts in extension pages
• Open-source code for community security audits

6. Content Script Permissions

The Extension uses a content script that runs on axiom.trade to detect token contract addresses. This script:

• Scans the page DOM for Solana addresses
• Does NOT read form inputs, passwords, or sensitive fields
• Does NOT modify page content or inject ads
• Only sends detected token addresses to the Extension's service worker

7. Browser Permissions

The Extension requests the following Chrome permissions:

• sidePanel — Display the trading UI in the browser sidebar
• storage — Store encrypted wallet data locally
• activeTab — Communicate with axiom.trade tabs
• tabs — Query open axiom.trade tabs for token detection
• scripting — Inject detection code when content script is unavailable

These permissions are used solely for Extension functionality and not for tracking or data collection.

8. No Backend or Server

The Extension does not have a backend server. All code runs locally in your browser. We cannot access your data because it never leaves your device.

9. No Cookies or Tracking

The Extension does not use cookies, tracking pixels, or any analytics services. There is no Google Analytics, Mixpanel, or similar tracking.

10. Children's Privacy

The Extension is not intended for use by individuals under the age of 18. We do not knowingly collect data from children.

11. Open Source Transparency

The Extension is fully open-source. You can inspect all code to verify our privacy claims and ensure no data collection is taking place.

12. Data Deletion

To delete all Extension data:

1. Uninstall the Extension from Chrome
2. Or use Chrome's "Clear browsing data" with "Site data" selected

This will permanently delete all wallets, keys, transaction history, and settings stored by the Extension. Make sure to back up your private keys before doing this.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Continued use of the Extension after changes constitutes acceptance.

14. Contact

For privacy questions or concerns, please contact us through the Chrome Web Store or via the support channels listed on our website.

15. GDPR & CCPA Compliance

Since we do not collect personal data, GDPR and CCPA data subject rights (access, deletion, portability) do not apply. However, you always have full control over your local Extension data.