Privacy Policy

Transparency, confidentiality, and security are core principles of AVAX Wallet. This document explains what data we handle, how it is processed, and the rights you retain as a user.

1. Data Collection

AVAX Wallet operates fully on your device. It is a non-custodial application, meaning that we never have access to your private keys, seed phrases, or assets. All encryption, transaction signing, and validation are performed locally — nothing leaves your system without your explicit consent.

We may collect minimal, anonymized diagnostic data (for example, application version or crash information) to help us improve performance and compatibility. This data never includes personal identifiers or blockchain activity.

You can disable any telemetry entirely through the application settings. Default installation is telemetry-off.

2. Cookies and Local Storage

We do not use advertising or tracking cookies. AVAX Wallet stores preferences exclusively in local storage, so the information stays inside your browser or desktop environment.

The following data may be stored locally to enhance your experience:

  • Theme selection (light or dark mode)
  • Preferred network (Mainnet, Testnet, or custom RPC)
  • Last used wallet address (for convenience, never uploaded)
  • Session lock timeout preference

These settings are optional, reversible, and isolated to your own device. Clearing your browser cache or app data removes them completely.

3. Third-Party Services

The wallet directly communicates with official Avalanche nodes or user-defined RPC endpoints. No proxying or data relaying through our infrastructure occurs. Price feeds, staking statistics, and validator lists are retrieved through transparent public APIs with open documentation.

Third-party services integrated into AVAX Wallet (such as GitHub releases, Ledger, or Trezor libraries) operate under their own privacy policies, which we recommend reviewing separately.

“Your wallet, your keys — our code, your control.”

4. Security and Encryption

Security is designed in layers: encrypted local storage, isolated hardware wallet communication, and strict signature verification for every transaction. All builds are PGP-signed and available with reproducible hashes for independent validation.

Passwords and recovery phrases are never transmitted or synced remotely. When using hardware wallets, signing occurs entirely on the physical device, ensuring isolation even from potential host compromises.

If you discover a vulnerability or a potential security flaw, please report it privately to security@avaxwallet.org — response guaranteed within 24 hours.

5. Your Rights and Control

Because AVAX Wallet does not store or process any personal user data on our servers, we are naturally compliant with GDPR, CCPA, and other privacy regulations. You are in full control of all wallet data, including deletion — simply clearing the local storage or uninstalling the app removes all stored preferences.

If you reach out to us by email for support, your message is used solely for response purposes and deleted upon case resolution. We do not build user profiles, mailing lists, or marketing databases.

6. Policy Updates and Transparency

AVAX Wallet evolves with the Avalanche ecosystem, and our privacy practices adapt accordingly. Any substantial policy changes will be announced publicly through our verified channels before they take effect.

Historical versions of this document are archived and available for audit in our open GitHub repository, ensuring verifiable transparency at every stage.

Last updated: September 2025