Legal

Privacy Policy

Last updated — March 14, 2026

1. Introduction

This Privacy Policy describes how Ecliptic Labs (“we,” “us,” or “our”) handles information in connection with the Ecliptic Wallet browser extension and the ecliptic.one website (collectively, the “Services”).

Ecliptic Wallet is a non-custodial wallet. We do not operate servers that store your personal data. Your keys, your tokens.

2. Information We Do Not Collect

The Ecliptic Wallet extension is designed with privacy at its core. We do not collect, store, or transmit:

  • Wallet private keys, seed phrases, or passwords
  • Personally identifiable information (name, email, address)
  • Browsing history or web activity
  • IP addresses or geolocation data
  • Analytics, telemetry, or usage metrics
  • Keystroke logs, clipboard data, or screen captures

3. Data Stored Locally on Your Device

The extension stores the following data exclusively on your device using the Chrome Extension Storage API:

DataStoragePurpose
Encrypted vaultchrome.storage.localAES-256-GCM encrypted wallet (seed phrase or private key), protected by your password via PBKDF2 with 600,000 iterations
Session statechrome.storage.sessionTemporary unlock state (public key & decrypted secret key) to persist across service worker restarts. Automatically cleared on browser close or after 15 minutes of inactivity
Connected siteschrome.storage.localList of dApp origins you have approved for wallet connection (e.g., swap.ecliptic.one)

Your password is never stored — it is used only to derive the encryption key and is discarded immediately after. Sensitive cryptographic material is securely wiped from memory when the wallet locks.

4. Network Communications

The extension communicates with a single external endpoint:

https://rpc.ecliptic.oneEcliptic L2 JSON-RPC endpoint

All network requests are standard JSON-RPC calls for blockchain operations: querying balances, fetching blockhashes, simulating transactions, and broadcasting signed transactions. These requests contain only blockchain-level data (public keys, serialized transaction bytes) — no personal information.

No data is sent to analytics services, advertising networks, third-party APIs, or any other external servers.

5. Website (ecliptic.one)

The ecliptic.one website is a static site. We do not use cookies, tracking pixels, analytics scripts, or any form of user tracking. No personal data is collected when you visit the website.

6. Third-Party Data Sharing

We do not sell, rent, lease, or share any user data with third parties. Since we do not collect personal data, there is nothing to share.

7. Security

The extension employs the following security measures:

  • AES-256-GCM authenticated encryption for vault data at rest
  • PBKDF2 key derivation with 600,000 iterations (SHA-256)
  • SLIP-0010 Ed25519 HD key derivation for deterministic wallet generation
  • Content Security Policy restricting scripts to extension-internal only (script-src 'self')
  • Secure memory wipe of private keys and seed material after use
  • Auto-lock after 15 minutes of inactivity
  • No remote code — all JavaScript is bundled within the extension package

8. Children's Privacy

Our Services are not directed to individuals under the age of 13. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be reflected on this page with an updated “Last updated” date. Continued use of the Services after changes constitutes acceptance of the updated policy.

10. Contact

If you have questions about this Privacy Policy, you can reach us at:

privacy@ecliptic.one