Privacy Policy
🔒 Zam Wallet is non-custodial and privacy-first. We do not collect, store, or sell your personal data. Your private keys and seed phrases never leave your device.
1. Who we are
Zam Wallet ("we", "us", "our") is a non-custodial multi-chain cryptocurrency wallet available as a Chrome browser extension. The extension is published at zamwallet.io. This Privacy Policy explains what information is processed when you use Zam Wallet, how it is used, and your rights.
2. Information we do NOT collect
We are committed to collecting as little information as possible. Specifically, we never collect:
- Your private keys, seed phrases, or PIN
- Your name, email address, phone number, or any identifying information
- Your IP address or location data
- Browsing history or the websites you visit
- Transaction history or wallet balances stored on our servers
- Any analytics, telemetry, or usage statistics
3. How your data is stored
All sensitive wallet data is stored locally on your device using Chrome's encrypted storage APIs. It never leaves your browser except in the following encrypted form:
- Your seed phrase and private keys are encrypted using AES-256-GCM with a key derived from your PIN using PBKDF2 (210,000 iterations, SHA-256)
- Encrypted data is stored in chrome.storage.local on your device only
- Your unlock PIN is never stored — only a SHA-256 hash is kept for verification
- The decrypted key material exists only in browser memory while the wallet is unlocked and is wiped when you lock
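The encryption scheme listed above, as an added example that is not Zam Wallet's own code: a key derived from the PIN (PBKDF2, 210,000 iterations, SHA-256) seals a secret with AES-256-GCM through the Web Crypto API. The function names, the 16-byte salt, the 12-byte IV and the stored record layout are assumptions, since the policy does not specify them.

```javascript
// Added example, not Zam Wallet's code. KDF and cipher parameters come from the
// policy; salt/IV sizes, function names and the record layout are assumptions.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto; // fallback for older Node
const subtle = webcrypto.subtle;
const PBKDF2_ITERATIONS = 210000;

// Derive a non-extractable AES-256-GCM key from the PIN with PBKDF2-HMAC-SHA-256.
async function deriveKey(pin, salt) {
  const material = await subtle.importKey(
    'raw', new TextEncoder().encode(pin), 'PBKDF2', false, ['deriveKey']);
  return subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations: PBKDF2_ITERATIONS },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Encrypt the secret under a fresh random salt and IV. The returned record is
// JSON-serializable, so it could be persisted as-is (e.g. in chrome.storage.local).
async function sealVault(pin, secret) {
  const salt = webcrypto.getRandomValues(new Uint8Array(16));
  const iv = webcrypto.getRandomValues(new Uint8Array(12));
  const key = await deriveKey(pin, salt);
  const ciphertext = await subtle.encrypt(
    { name: 'AES-GCM', iv }, key, new TextEncoder().encode(secret));
  return {
    salt: Array.from(salt),
    iv: Array.from(iv),
    ciphertext: Array.from(new Uint8Array(ciphertext)), // includes the 16-byte GCM tag
  };
}

// Decrypt a stored record. A wrong PIN or a modified record fails the GCM tag
// check, which is reported as null instead of returning garbage plaintext.
async function openVault(pin, record) {
  const key = await deriveKey(pin, new Uint8Array(record.salt));
  try {
    const plaintext = await subtle.decrypt(
      { name: 'AES-GCM', iv: new Uint8Array(record.iv) }, key,
      new Uint8Array(record.ciphertext));
    return new TextDecoder().decode(plaintext);
  } catch {
    return null;
  }
}
```

The stored record contains only the salt, IV and ciphertext; the derived key is non-extractable and is never written out.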
4. External API calls
To provide wallet functionality, the extension makes network requests to third-party services. These requests use your public wallet address (which is not personally identifiable by us) to query blockchain data. We do not transmit any personal information in these requests.
| Service | Purpose | Data sent |
|---|---|---|
| callapi.zamwallet.io | Remote config (API keys, feature flags) | None — GET request only |
| Alchemy (api.g.alchemy.com) | EVM RPC, token balances, swap quotes | Wallet address (public) |
| Ankr (rpc.ankr.com) | EVM, Bitcoin, Solana RPC fallback | Wallet address (public) |
| Public node RPC (*.publicnode.com) | EVM RPC fallback | Wallet address (public) |
| Binance RPC (bsc-dataseed1.binance.org) | BNB Chain RPC | Wallet address (public) |
| Solana (api.mainnet-beta.solana.com) | Solana balance and transactions | Wallet address (public) |
| BlockCypher (api.blockcypher.com) | Bitcoin balance and broadcast | Wallet address (public) |
| Mempool.space / Blockstream | Bitcoin transaction data and fees | Wallet address (public) |
| CoinGecko (api.coingecko.com) | Token prices and market data | Token symbol list only |
| Open Exchange Rates (open.er-api.com) | Fiat currency rates | None — public API |
| Google Translate API | UI translation | UI text strings only |
| api.qrserver.com | QR code generation for receive addresses | Wallet address (public) |
| SideShift / 0x API | Swap token routing data | Token pair and amount |
None of these services receive your private keys, seed phrase, PIN, name, email, or any personally identifiable information.
5. Cookies and tracking
Zam Wallet does not use cookies, tracking pixels, fingerprinting, or any form of analytics. There are no advertisements in the extension. We have no advertising partners and we do not sell data to any third party.
6. Permissions used by the extension
| Permission | Why it is needed |
|---|---|
| storage | Store your encrypted vault, preferences, and balance cache locally on your device |
| clipboardWrite | Allow you to copy your wallet address or transaction hash with one click |
| clipboardRead | Allow you to paste recipient addresses into the Send form |
| tabs | Get the current window ID to open the side panel; open block explorer links in a new tab |
| alarms | Wake the background service worker periodically to pre-fetch balance data |
| sidePanel | Allow the wallet to open as a persistent Chrome side panel |
7. Remote code
Zam Wallet does not execute remote code. All JavaScript is bundled with the extension package. The extension's Content Security Policy is set to script-src 'self'; object-src 'self' which prevents any remote script execution. API calls return JSON data only — never executable code.
8. Children's privacy
Zam Wallet is not directed at children under the age of 18. We do not knowingly collect any information from children. Cryptocurrency wallets involve financial risk and are intended for adult use only.
9. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page. We encourage you to review this page periodically. Continued use of Zam Wallet after any changes constitutes your acceptance of the updated policy.
10. Contact us
If you have any questions about this Privacy Policy or how Zam Wallet handles your data, please contact us:
- Website: zamwallet.io
- Email: privacy@zamwallet.io