Privacy Policy

Last Updated: March 8, 2026

1. Introduction

Pocket Wallet ("we", "our", or "the app") is a non-custodial Solana mobile wallet that prioritizes your privacy and security. This Privacy Policy explains in detail how we handle (or rather, don't handle) your information when you use our application.

Key Principle: Pocket Wallet operates with a zero-knowledge architecture. We have no servers, no databases, and no way to access your funds or personal information.

2. Information We Do NOT Collect

Pocket Wallet does not collect, transmit, or store any of the following:

• Personal Information: No names, email addresses, phone numbers, or any identifying information
• Financial Data: No wallet balances, transaction amounts, or portfolio values
• Usage Analytics: No tracking of which features you use, how often you use the app, or your behavior patterns
• Device Information: No device IDs, IP addresses, or hardware specifications
• Location Data: No GPS coordinates or location tracking of any kind
• Crash Reports: No automatic error reporting or diagnostic data collection
• Marketing Data: No advertising IDs or marketing profiles

3. How Your Data is Stored Locally

All wallet data is stored exclusively on your device using secure, encrypted storage mechanisms provided by your operating system:

3.1 Private Keys and Mnemonic Phrases

• Storage Method: Expo SecureStore with hardware-backed encryption
• Encryption: AES-256 encryption using your device's secure enclave (Keychain on iOS, Keystore on Android)
• Access Control: Keys are only accessible when the app is unlocked and authenticated
• Multi-Wallet Support: Each wallet's private key and mnemonic are stored separately with unique identifiers (format: w_pk_{wallet_id} and w_mn_{wallet_id})
• Derivation Path: HD wallets use BIP44 derivation path m/44'/501'/0'/0' for Solana

3.2 Wallet Metadata

• Storage Method: AsyncStorage (unencrypted local storage)
• Data Stored: Wallet names, public keys, wallet IDs, creation timestamps, and active wallet selection
• Why Unencrypted: This data is not sensitive (public keys are meant to be public) and needs to be quickly accessible

3.3 Transaction History Cache

• Purpose: Cached locally for faster loading and offline viewing
• Source: Retrieved from public Solana blockchain via RPC nodes
• Content: Transaction signatures, timestamps, amounts, and recipient addresses
• Note: This is public blockchain data, not private information

3.4 Application Settings

• Language Preference: Your selected language (English, Chinese, Japanese, Korean)
• RPC Endpoint: Your chosen Solana RPC node URL (Mainnet, Devnet, or custom)
• Biometric Settings: Whether biometric authentication is enabled (boolean flag only)
• App Lock Status: Whether the app is currently locked

4. Biometric Authentication

Pocket Wallet supports fingerprint, Face ID, and iris recognition for enhanced security:

• Processing: All biometric authentication is handled entirely by your device's operating system (iOS LocalAuthentication or Android BiometricPrompt)
• No Access: The app never accesses your actual biometric data (fingerprints, face scans, iris patterns)
• Storage: Only a boolean flag indicating whether biometric auth is enabled is stored in SecureStore
• Optional: Biometric authentication is completely optional and can be disabled at any time
• Fallback: Device passcode/PIN can always be used as a fallback

5. Blockchain Interactions

Pocket Wallet connects directly to Solana blockchain nodes to function. Here's what data is transmitted:

5.1 RPC Node Communications

• Public Key Queries: Your wallet's public address is sent to RPC nodes to retrieve balance and transaction history
• Transaction Broadcasting: Signed transactions are broadcast to the network (this is how blockchain works)
• Token Metadata: Requests for token names, symbols, and logos
• NFT Data: Queries for NFT metadata and images
• Important: Your private keys are NEVER transmitted. Only public addresses and signed transactions are sent

5.2 Default RPC Endpoints

• Mainnet: https://api.mainnet-beta.solana.com (operated by Solana Foundation)
• Devnet: https://api.devnet.solana.com (operated by Solana Foundation)
• Custom: You can configure your own RPC endpoint for enhanced privacy

5.3 What RPC Nodes Can See

When you use Pocket Wallet, RPC nodes can observe:

• Your wallet's public address (which is public information on the blockchain anyway)
• Your IP address (standard for any internet connection)
• Timing of your queries (when you check your balance or send transactions)

Privacy Tip: For maximum privacy, consider using a VPN or running your own Solana RPC node.

6. Third-Party Service Integrations

6.1 Jupiter Aggregator (Token Swaps)

• Purpose: Provides optimal token swap routes and pricing
• Data Shared: Token pair (what you're swapping), amount, and your wallet's public address
• API Calls: Made directly from your device to Jupiter's API
• Privacy Policy: https://jup.ag/privacy-policy
• Note: Swap transactions are executed on-chain and are publicly visible on the Solana blockchain

6.2 Token Metadata Services

• Purpose: Retrieve token logos, names, and descriptions
• Sources: Solana Token List, on-chain metadata programs
• Data Shared: Token mint addresses (public information)

6.3 NFT Metadata Services

• Purpose: Display NFT images and attributes
• Sources: IPFS, Arweave, or centralized hosting (depending on the NFT)
• Data Shared: NFT mint addresses and metadata URIs (public information)

7. Cryptographic Implementation Details

For transparency, here are the cryptographic libraries and methods we use:

• Key Generation: BIP39 for mnemonic phrases, BIP44 for HD wallet derivation
• Signing: Ed25519 signatures via TweetNaCl library
• Encoding: Base58 encoding via bs58 library
• Secure Storage: Expo SecureStore (wraps iOS Keychain and Android Keystore)
• Random Number Generation: Cryptographically secure random number generation for key creation

8. Data Retention and Deletion

• Retention: All data remains on your device until you explicitly delete it
• Wallet Deletion: Deleting a wallet removes its private key, mnemonic, and metadata from your device
• App Uninstallation: Uninstalling the app deletes all locally stored data
• Clear App Data: You can clear all app data through your device settings
• Important: Once deleted, data cannot be recovered unless you have backed up your mnemonic phrase

9. Security Best Practices

While we don't collect your data, you should still protect it:

• Backup Your Mnemonic: Write down your 12-word recovery phrase and store it securely offline
• Enable Biometric Lock: Protect your wallet with fingerprint or Face ID
• Use Strong Device Security: Set a strong PIN/password on your device
• Beware of Phishing: Never share your mnemonic phrase or private key with anyone
• Verify Transactions: Always double-check recipient addresses before sending
• Keep App Updated: Install updates to receive security patches

10. Open Source Transparency

Pocket Wallet is fully open source, which means:

• Code Audit: Anyone can review our source code to verify our privacy claims
• No Hidden Tracking: You can confirm there are no analytics, tracking, or data collection mechanisms
• Community Verification: Security researchers and developers can audit our cryptographic implementation
• Reproducible Builds: You can build the app yourself from source code to ensure it matches the published version
• GitHub Repository: [Your GitHub URL here]

11. Children's Privacy

Pocket Wallet does not collect information from anyone, including children under 13 years of age. However, cryptocurrency management requires understanding of financial concepts and security practices. We recommend parental supervision for users under 18.

12. International Users

Pocket Wallet can be used anywhere in the world. Since all data is stored locally on your device:

• No data crosses international borders through our systems
• GDPR, CCPA, and other privacy regulations are inherently satisfied (we don't collect data)
• You maintain full control and ownership of your data

13. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in the app or legal requirements. Changes will be posted on our website and in the app with an updated "Last Updated" date. Continued use of the app after changes constitutes acceptance of the updated policy.

14. Your Rights

Since we don't collect your data, traditional data rights (access, deletion, portability) don't apply in the usual sense. However, you have complete control:

• Right to Access: All your data is on your device - you can access it anytime through the app
• Right to Delete: Delete wallets or uninstall the app to remove all data
• Right to Export: Export your mnemonic phrase or private key to use in other wallets
• Right to Control: You have complete control over your data at all times

15. Contact Information

If you have questions about this Privacy Policy or our privacy practices:

• Website: https://pocketwallet.qqdata.click
• GitHub Issues: Report an Issue
• Email: pocketwallet@postm.net

16. Legal Disclaimers

16.1 No Warranty

Pocket Wallet is provided "as is" without warranties of any kind, either express or implied. We do not guarantee that the app will be error-free, secure, or uninterrupted.

16.2 Your Responsibility

By using Pocket Wallet, you acknowledge and agree that:

• You are solely responsible for securing your private keys and mnemonic phrases
• Lost or stolen keys cannot be recovered by us or anyone else
• Cryptocurrency transactions are irreversible
• You are responsible for complying with tax laws and regulations in your jurisdiction
• You understand the risks associated with cryptocurrency

16.3 Limitation of Liability

We are not liable for any losses, damages, or claims arising from:

• Loss of private keys or mnemonic phrases
• Unauthorized access to your device
• Errors in transaction amounts or recipient addresses
• Network fees or failed transactions
• Third-party service failures (RPC nodes, Jupiter, etc.)
• Bugs, vulnerabilities, or security breaches
• Changes in cryptocurrency value

16.4 Regulatory Compliance

Pocket Wallet is a non-custodial wallet tool. We:

• Do not provide financial, investment, or legal advice
• Are not a financial institution or money transmitter
• Do not custody, control, or have access to user funds
• Are not responsible for regulatory compliance in your jurisdiction

17. Acknowledgment

By using Pocket Wallet, you acknowledge that you have read, understood, and agree to this Privacy Policy. You understand that this is a non-custodial wallet and that you have complete responsibility for securing your private keys and funds.