PARACYT Wallet is a Chrome browser extension developed and operated by Glewme Corp, a Delaware C corporation ("we", "us", "our"). PARACYT Wallet is the trade name of the wallet product. The wallet is open source for inspection and audit.
This policy describes how the wallet handles user data. It applies to the PARACYT Wallet extension distributed through the Chrome Web Store and any directly installed builds.
PARACYT Wallet stores the following data locally on your device only, inside Chrome's encrypted extension storage (chrome.storage.local):
https://example.com) that you have explicitly approved to interact with the wallet, with the timestamp of approval. You can revoke any origin at any time from the wallet's "Connected Sites" view.None of this data leaves your device unless required to broadcast a transaction (which contains the public components of your address by design — this is true of all blockchain transactions on every wallet) or to read public on-chain data (balances, token metadata, etc.).
To function as a multi-chain wallet and DEX aggregator, PARACYT Wallet contacts the following third-party services. The contact is initiated only when you, the user, take an action that requires it (e.g. opening the wallet, requesting a balance, requesting a swap quote). The wallet does not phone these services in the background outside of a 30-second backend health check.
To read on-chain balances and broadcast transactions, the wallet contacts public and paid blockchain RPC nodes for each supported chain. Primary endpoints are operated by QuickNode, Inc. for the chains Glewme Corp has subscribed to (Solana, Ethereum, Arbitrum, BNB Chain, Linea, Avalanche). Fallback public RPCs include nodes operated by Llama Nodes, PublicNode, dRPC, Ankr, Cloudflare, and the official chain foundations (e.g. Coinbase for Base, Optimism Foundation for Optimism). When you initiate any read or write to a chain, the corresponding RPC will see your IP address and the request payload (which for blockchain transactions is, by design, public). RPC providers may log requests under their own privacy policies.
lite-api.jup.ag) — used to fetch swap quotes and build swap transactions on Solana. Jupiter sees your wallet address (sent in the swap-build request so the resulting transaction can be signed) and the swap parameters. Jupiter is operated by Jupiter Studios; their privacy policy applies to their service.api.1inch.dev) — used to fetch swap quotes and build swap transactions on supported EVM chains. 1inch sees your wallet address and swap parameters. 1inch is operated by 1inch Network; their privacy policy applies to their service.You can avoid contact with DEX aggregators entirely by simply not using the Swap feature. The aggregators are contacted only when you click into the Swap UI and confirm a swap.
The Bridge, Activity, Pools, and Launch features of the wallet communicate with PARACYT backend services hosted by Glewme Corp at tokenchef.win. These features are disabled and shown as "Coming Soon" when the backend is unreachable. When you use these features, the backend receives your wallet address and the requested operation. The backend does not store IP addresses with wallet activity. Communication is over HTTPS.
The DEX swap UI displays token icons and names sourced from the Jupiter and 1inch token lists. Loading these images contacts the image hosts (typically tokens.1inch.io, raw.githubusercontent.com, IPFS gateways, and various token-issuer hosts). Glewme Corp does not control these third-party image hosts.
The extension requests the following Chrome permissions:
storage — to store the encrypted keystore, settings, and approved origins on your device. No data leaves the device through this permission.activeTab — to allow the wallet's dApp provider to detect which page you are on when a website requests a wallet connection.tabs — to open links from the wallet popup (e.g. blockchain explorers, transaction details).host_permissions: <all_urls> — required so the wallet's dApp provider script (window.paracyt.ethereum, window.paracyt.solana) can be injected into web pages, which is how every browser-based crypto wallet (MetaMask, Phantom, Rabby, etc.) works. The wallet does not read page content or browsing activity. The provider script only forwards messages between an explicitly-approved web page and the wallet's service worker. A page must call connect() and receive your express approval before any wallet data is shared with that page.Your private keys exist in two forms only:
chrome.storage.local. Without your password, the keystore cannot be decrypted by Glewme Corp, by us, or by anyone else.Private keys are never written unencrypted to disk and are never transmitted to any server.
PARACYT Wallet maintains a Merkle tree of WOTS+ (Winternitz One-Time Signature) keypairs derived from your master seed. Each tree contains 1,024 single-use signature keys. The wallet stores a counter (the "leaf index") indicating which keys have been used, so a one-time key is never used twice. The counter is stored locally and is not transmitted. The WOTS+ keypairs themselves are derived deterministically from the seed at signing time; only the seed and the counter are persisted.
PARACYT Wallet does not set cookies, fire web beacons, or use fingerprinting. The extension's privacy policy page (this document), if hosted on the web, may use the standard HTTP request logging of its host server; that logging contains no information specific to wallet usage.
All wallet data is stored locally on your device. To delete your wallet data, use the "Delete Wallet" button in the wallet's settings (which requires password reconfirmation), or uninstall the extension from Chrome's extension settings. Either action immediately removes the encrypted keystore and all related data from your device. Once removed locally, the data cannot be recovered by Glewme Corp because we never had a copy.
We do not retain a separate copy of any user data on our servers because we never collect any.
PARACYT Wallet is not directed at children under 13. The wallet does not collect any personal information from any user, including children. We do not knowingly collect data from minors.
PARACYT Wallet is designed to operate without collecting user data, so the same privacy posture applies regardless of where you are. Because some third-party services contacted by the wallet (RPC providers, DEX aggregators) operate globally, your blockchain transaction data — which is, by the public nature of blockchains, already public — may transit international networks during normal blockchain operation. This is true of any wallet on any blockchain.
If a security vulnerability is discovered in PARACYT Wallet, we will publish updated versions through the Chrome Web Store. Users are encouraged to keep auto-updates enabled. Critical vulnerabilities will be disclosed at https://paracyt.com/security when patched.
If we update this privacy policy, the "Last updated" date at the top of this page will be revised. Material changes that affect how data is handled will be communicated through the Chrome Web Store listing's update notes. We will not introduce data collection without an explicit version update and notice.
Because we do not collect personal information, most data-protection rights (access, deletion, portability) do not have data to apply to. You retain full control of your wallet data because it lives on your device. You can:
For privacy questions or to report a concern, contact:
Glewme Corp
Email: privacy@paracyt.com
Website: https://paracyt.com
For security vulnerabilities, please email security@paracyt.com.
Glewme Corp is incorporated in the State of Delaware, United States. Any disputes regarding this privacy policy will be governed by the laws of the State of Delaware, without regard to conflict of laws principles, and will be resolved in the state or federal courts located in Delaware.