Zygo Wallet — Privacy Policy

Last updated: June 11, 2026

Zygo Wallet ("the wallet", "we", "us") is a self-custody, multi-chain cryptocurrency wallet browser extension. This policy explains what data the wallet does and does not handle. The guiding principle is simple: your keys and recovery phrase never leave your device, and we never receive them.

What we do NOT collect

• Private keys & recovery phrases. These are generated on your device, encrypted with a password you choose, and stored only in your browser's local storage. They are never transmitted to us or anyone else.
• Personal accounts. The wallet requires no sign-up, name, or personal profile to use its self-custody features.
• Analytics / tracking. We do not embed advertising or third-party analytics/tracking SDKs in the extension.
• We do not sell or rent any data.

Data processed to make the wallet work

Using any blockchain wallet necessarily involves sending public on-chain data (your public wallet addresses and the transactions you create) to blockchain infrastructure so balances can be read and transactions broadcast. Specifically:

• RPC proxy. Read requests and signed transactions are sent through our proxy service, which relays them to blockchain RPC providers. The proxy processes your public wallet address and request contents to fulfill each request. It may transiently process your IP address for rate limiting and abuse prevention. It does not require or receive your keys.
• Third-party blockchain services. To show balances, prices, token info, swaps, and bridges, the wallet contacts services including Solana RPC providers, Alchemy, Jupiter, DexScreener, Pyth, KyberSwap, and Relay. Requests to these services include public data such as wallet addresses and token/transaction details, as inherent to interacting with a public blockchain. Their handling of that data is governed by their own privacy policies.

Email / social ("embedded") wallets

If you choose to create or restore a wallet using email or a social login, that authentication and the associated key management are provided by Turnkey. Your email/OAuth identity is processed by Turnkey under their privacy policy. We do not store your email or social credentials. This is optional — the default self-custody flow uses no email or login.

Browser permissions

The extension requests only the permissions it needs to function:

• storage — store your encrypted wallet and settings locally.
• offscreen — an isolated context used for signing operations.
• idle / alarms — auto-lock the wallet after inactivity.
• identity — optional OAuth sign-in for embedded wallets.
• sidePanel — open the wallet in the browser side panel.
• Host access — inject the wallet provider into web pages so you can connect to decentralized apps you visit. The wallet only acts when you initiate a connection or approve a request.

Data storage & security

All wallet secrets are stored locally in your browser, encrypted at rest with a key derived from your password. Locking the wallet (manually or via auto-lock) removes the decryption key from memory. Uninstalling the extension removes its local data; make sure you have backed up your recovery phrase first, as we cannot recover it for you.

Children

The wallet is not directed to children under 13, and we do not knowingly collect data from them.

Changes to this policy

We may update this policy; material changes will be reflected by the "Last updated" date above.

Contact

Questions about this policy: hank@hellomoon.io.

Zygo Wallet is a self-custody product. You are solely responsible for safeguarding your password and recovery phrase. Lost recovery phrases cannot be restored by us.