Zoff Wallet Privacy Policy
Last updated: April 10, 2026
Summary
Zoff Wallet is a self-custodial browser extension for Canton Network. We do not collect, store, or transmit any personal data. Your private keys never leave your browser.
Data stored locally
The following data is stored exclusively in your browser using chrome.storage.local and localStorage:
- Encrypted keystore — your wallet seed encrypted with AES-256-GCM using your password. The unencrypted seed is never persisted.
- Account metadata — account names, Canton party IDs, and public keys (not sensitive).
- Session token — a short-lived JWT for authenticated API calls, stored in
chrome.storage.session (wiped when the browser quits).
- Connected dApps — a list of origins you have approved, with the permissions you granted.
None of this data is transmitted to Zoff or any third party.
External API calls
The extension communicates with api.zoff.app (our backend) to:
- Allocate Canton parties (on wallet creation)
- Authenticate via a challenge-response protocol
- Read balances and transaction history from the Canton ledger
- Prepare and submit transactions (the signing happens locally in your browser)
The backend proxies requests to the Canton Network participant node. It does not store your private keys, seed phrase, or password.
Browser permissions
storage | Store the encrypted keystore and session data locally. |
activeTab | Detect which tab initiated a dApp connection request. |
sidePanel | Allow the wallet UI to open in Chrome's side panel. |
Private key handling
- Your seed phrase is encrypted with your password before storage.
- Decryption happens only in the popup page context, never in the background service worker.
- Decrypted key material is zeroed from memory immediately after use.
- Transaction signing occurs locally — only the signature is sent to the backend, never the private key.
Third-party services
Zoff Wallet does not use analytics, tracking, or any third-party data collection services.
Contact
For privacy questions, contact privacy@zoff.app.