EZWALLET

Privacy & Security

EZWALLET is built as a non-custodial wallet. That means you control your wallet secrets and we design the product to minimize the data we handle.

Overview

  • We do not store your seed phrase, private keys, or wallet encryption password on our servers.
  • Your wallet secrets are encrypted locally on your device.
  • To display balances, history, and fees, the app may query public blockchain infrastructure using your public wallet addresses.
  • When you send a transaction, the app broadcasts a signed transaction to a public blockchain. Signing happens locally.
  • Public blockchains are public: addresses and transactions may be visible and linkable by third parties.

1) Non-custodial model (what it means)

Non-custodial means:

  • You hold the keys: your seed phrase and private keys stay on your device.
  • You control recovery: if you lose your seed phrase, no one (including us) can restore access.
  • You control security: protecting your device and your backup is essential.

What we can’t do:

  • We can’t recover your seed phrase or wallet password.
  • We can’t reverse or “undo” blockchain transactions once they are confirmed.

2) What we collect (and what we don’t)

What we do not collect

We do not collect or store:

  • Seed phrase (mnemonic)
  • Private keys
  • Wallet encryption password

What we may process to provide the service

Depending on how you use the app, we may process:

  • Public addresses (to show balances, history, and transaction status)
  • Transaction metadata (such as transaction IDs, amounts, timestamps, and network fees) that is already part of public blockchain data
  • Basic technical data needed to deliver the website (for example, IP address and browser/device information handled by standard web hosting and security controls)

If you contact support, you choose what to share. Please avoid sending sensitive information (like seed phrases) in any message.

3) Using public blockchains: what becomes public

Public blockchains are transparent by design. When you use the app:

  • Your addresses may be used to look up on-chain data (balances, history, and fees) via public blockchain infrastructure.
  • When you send a transaction, a signed transaction is broadcast to the network and becomes part of the public ledger.

Important implications:

  • On-chain data can be observed, indexed, and correlated by anyone.
  • Wallet activity may be linked to the same address (and sometimes across addresses) by third parties.

Third-party infrastructure providers (RPC & explorers)

To fetch public blockchain data and broadcast signed transactions, EZWALLET may use third-party infrastructure providers (for example RPC endpoints, blockchain explorers, and public indexers).

Depending on the chain and feature, these providers may include services such as:

  • RPC providers (e.g., Alchemy) for reading chain state and broadcasting signed transactions
  • Explorer/indexer APIs (e.g., Etherscan/BscScan, TronScan) for transaction metadata and history
  • Public chain data endpoints (e.g., mempool.space, litecoinspace.org) for UTXO chains
  • Price/rates providers used to estimate fiat values (where available)

What they can typically see: your IP address and request metadata, and the public identifiers you query (such as public addresses and transaction IDs). What they should not receive: your seed phrase, private keys, or wallet password—those stay on your device.

4) Local storage on your device

To operate as a non-custodial wallet, some data must be stored locally:

  • Encrypted wallet secrets: your wallet seed is stored on your device in encrypted form.
  • App preferences: settings like display preferences may be stored locally (for example in browser storage).

Using the EZWALLET browser extension

If you use the EZWALLET browser extension, the same non-custodial principles apply:

  • Your seed phrase/private keys remain encrypted locally in your browser (within the extension’s local storage).
  • The extension may query public blockchain infrastructure using your public addresses to display balances, history, and fees.
  • When you send a transaction, the extension broadcasts a signed transaction to the network. Signing happens locallyin the extension.

Removing local data

You can remove local wallet data by:

  • Using the app’s reset/remove wallet options (if available in the UI), and/or
  • Clearing the site’s local storage in your browser settings.

After removal, you will need your seed phrase to restore the wallet.

5) Security safeguards (high-level)

We use common, modern safeguards designed for non-custodial wallets:

  • Local encryption: wallet secrets are encrypted on your device using your password.
  • Auto-lock: the wallet can lock after inactivity to reduce the risk of someone accessing it when you step away.
  • Secure delivery: the app is intended to run over HTTPS to protect data in transit and enable secure browser cryptography.

No security measure is perfect. The most important factor is the security of your device and your backup practices.

6) Transaction safety

When you send a transaction:

  • The app creates a transaction and signs it locally using your wallet secrets.
  • The app then broadcasts the signed transaction to a public blockchain network.
  • The seed phrase/private keys are not sent to any server for transaction signing.

Before sending, always verify:

  • Network/chain
  • Recipient address
  • Amount
  • Fees

Blockchain transactions are typically irreversible once confirmed.

7) Risks & limitations

You should be aware of the main risks of any non-custodial wallet:

  • Lost seed phrase: if you lose your seed phrase, access to funds cannot be recovered.
  • Compromised device: malware, unsafe extensions, or a compromised browser can steal sensitive data.
  • Phishing and social engineering: attackers may trick you into revealing your seed phrase or sending funds to a wrong address.
  • Address privacy: third parties can monitor and link blockchain addresses and transactions.

8) Best practices (recommended checklist)

  • Back up your seed phrase offline (paper or secure hardware). Never store it as a screenshot.
  • Never share your seed phrase with anyone. We will never ask for it.
  • Use a strong, unique password for wallet encryption.
  • Keep your browser and OS updated.
  • Be cautious with browser extensions and unknown software.
  • Consider a small test transaction when sending to a new address for the first time.

9) Legal

Cookies

The website may use essential cookies required for basic functionality and security. If we use any optional cookies (for example, analytics), we will provide appropriate notice and choices where required by applicable law.

If a cookie consent banner is shown, closing the banner via the “×” button is treated as consent (same as clicking “Accept”).

Google Analytics

We may use Google Analytics to understand how the website is used (for example, page views and aggregated usage metrics). This data is intended to help us improve the product. You can decline analytics cookies in the consent banner when prompted.

Data retention

We aim to retain data only as long as necessary for legitimate purposes (such as security, reliability, and compliance), and to minimize any personal data we handle.

No financial advice

The app provides software tools to interact with public blockchains. Nothing on this website is financial, legal, or tax advice.

10) Contact & responsible disclosure

If you believe you found a security issue, please contact us via the security channel listed on this site (or in the project documentation).

When reporting, include:

  • A clear description of the issue and impact
  • Steps to reproduce
  • Affected pages/components (if known)
  • Any suggested fix or mitigation (optional)

Please do not publicly disclose vulnerabilities until we have had a reasonable opportunity to investigate and address them.

© 2026 All rights reserved