Privacy Policy

Last updated: April 17, 2026

1. Who we are

Zoff Wallet is a self-custodial browser wallet for the Canton Network, published by 0x80 Labs LLC. This policy covers both the Chrome extension ("the extension") and the marketing website at zoff.app ("the site"). Contact: privacy@zoff.app.

2. Self-custody, in one paragraph

Your seed phrase and private keys are generated on your device, encrypted on your device with a password only you know, and stored on your device. They are never transmitted to any 0x80 Labs server, any third party, or any analytics pipeline. 0x80 Labs cannot read them, cannot recover them, and cannot freeze or move funds in your wallet. If you lose both your password and your written-down seed phrase, your funds are not recoverable by us or by anyone else.

3. What the extension stores on your device

The extension uses Chrome's local storage APIs to persist the minimum needed to work:

  • Encrypted keystore — your wallet seed encrypted with AES-256-GCM, keyed with a PBKDF2-SHA256 derivation (600,000 iterations) from your password. The unencrypted seed is never written to disk.
  • Account metadata — display names, Canton party IDs, and public keys. Public keys are not sensitive; party IDs are public identifiers on the Canton ledger.
  • Short-lived session token — a JWT used for authenticated backend calls, kept in chrome.storage.session (wiped when the browser quits) with a 24-hour fallback in local storage.
  • Connected dApps — a list of origins you have approved, with the permissions you granted.

None of this data is transmitted anywhere. It exists only in your browser and can be wiped by uninstalling the extension or clearing its storage.

4. What the extension sends over the network

When the extension talks to our backend at api.zoff.app, the payload is limited to:

  • Your public Canton party ID (for balance and activity queries).
  • Pre-signed transaction payloads — the signing happens locally against your decrypted key in the popup context, and only the signature travels.
  • A short-lived JWT on the Authorization header, over HTTPS.

The backend proxies these requests to a Canton Network participant node. It does not store your seed phrase, your private keys, or your password — because it never receives them.

5. What the extension does NOT collect

  • No analytics, telemetry, or tracking SDK is bundled into the extension.
  • No crash reporting or error-reporting service runs in the extension.
  • No browsing history. The content script that exposes window.cantonWallet to Canton dApps on all sites does not read or transmit page content; it exists only so dApps can detect the wallet and request a connection, which you approve explicitly.
  • No cookies. The extension does not use HTTP cookies.
  • No IP geolocation, no device fingerprinting.

6. What the website collects

Separate from the extension, on zoff.app:

  • Waitlist form — if you submit your email (and optionally your Twitter handle) to join the waitlist, we store that email, the optional handle, a salted SHA-256 hash of your IP address, and a truncated User-Agent string. The IP hash and User-Agent are used to detect signup abuse (same person signing up many times) and are not used for advertising. A confirmation token is emailed to verify the address.
  • Analytics — we use Umami, a privacy-respecting analytics tool self-hosted at analytics.zoff.app. It records aggregate page-view and event counts. It does not set tracking cookies, does not build a cross-site profile, and does not transmit any identifying data. Umami runs on the marketing site and docs only — not inside the extension.
  • Fonts — we load Fraunces, Nunito, IBM Plex Mono, and Lilita One via Google Fonts (fonts.gstatic.com). Google receives the HTTP request for the font file.

7. Third-party services we use

  • Resend — sends your waitlist confirmation email. Receives your email address and the confirmation link. Used only for transactional emails.
  • Canton Network participant node — our backend relays your read queries and signed submissions to a Canton participant we operate. The ledger itself is a public, distributed system.
  • Umami (self-hosted) — aggregate web analytics for the marketing site and docs only. See §6.
  • Google Fonts — font delivery for the marketing site and docs only.

No third party receives data from the extension. The services above are used by the website (or, for Resend, by our backend when processing website waitlist signups).

8. Data retention

  • On-device data (encrypted keystore, account list, session) persists until you uninstall the extension or clear its storage.
  • Waitlist records are retained until we launch publicly, after which they may be kept to notify you of launch and subsequent product updates. You can request deletion at any time by emailing privacy@zoff.app.
  • Umami analytics are kept in aggregate form (no raw per-visitor records beyond what Umami stores by default).

9. Your rights

  • Access, correction, deletion — email privacy@zoff.app to request a copy of any data we hold about you, to correct it, or to have it deleted. For waitlist records, we will respond within 30 days.
  • Opt-out — you can leave the waitlist at any time by replying to any confirmation email or by emailing the address above.
  • Browser controls — you can clear the extension's local storage at any time via Chrome's extension settings, which removes the encrypted keystore and all account metadata from your device. Make sure your seed phrase is backed up first — once cleared, it cannot be recovered.

10. Children

Zoff Wallet is not directed at, and is not intended for use by, individuals under 13 years of age. We do not knowingly collect any data from children. If you believe a child has submitted data to us, please email privacy@zoff.app and we will delete it.

11. Security

All data in transit between the extension and our backend is encrypted with TLS. The keystore on your device is encrypted at rest with AES-256-GCM. Decryption happens only in the popup context, not in the background service worker, and decrypted key material is held in memory only for the duration of the signing operation.

12. Changes to this policy

If this policy materially changes, we will update the "Last updated" date at the top of this page and note the change in the changelog. For substantive changes that affect what data we collect or how we use it, we will also notify you by email if you are on the waitlist.

13. Contact

Privacy questions: privacy@zoff.app. General support: hello@zoff.app.