Spaniel Wallet is non-custodial. Your recovery phrase, password, private keys, and the encrypted vault stay on your device only. None of that ever reaches our servers, our infrastructure, or any third party. We collect no personal information.
IndexedDB for the web app; chrome.storage.local for the extension).
The browser extension has the same network behavior as the web app for the wallet-specific paths. dApp pages (MagicEden, Jupiter, Tensor, etc.) use their own RPC for balances and broadcasts — the extension forwards transaction requests from those pages to your popup for approval and returns the signed bytes. The extension does NOT inject extra network requests into pages it runs on.
The extension declares host_permissions: <all_urls> so its content script can register the Wallet Standard provider on every dApp page. It does not read page DOM, scrape forms, or exfiltrate any browsing data.
Your encrypted vault is unrecoverable without either (a) your password or (b) your 12-word recovery phrase. We cannot recover either one for you. Back the recovery phrase up the moment you create a wallet.
Everything described above is verifiable in the public source code at github.com/SpanielSyndicate/spanielsyndicate.com. Inspect extension/background.js for the message-routing surface and js/wallet-core/ for the cryptographic primitives (Argon2id + AES-256-GCM, ed25519 via Paul Miller's audited noble libraries).
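One way to check the extension claims above against a source checkout, as an added example that is not Spaniel Wallet's own code: a heuristic static audit of a Manifest V3 manifest and a content script. The function names, the sample manifest, and both sample scripts are constructed for illustration and are assumptions, not files from the repository.

```javascript
// Added example (not project code). Heuristic static audit of an MV3 extension.
const NETWORK_APIS = /\b(fetch|XMLHttpRequest|WebSocket|EventSource|sendBeacon)\b/;
const DOM_READ_APIS = /\b(querySelector(All)?|getElementById|getElementsBy\w+|innerHTML|innerText|FormData)\b|document\.cookie/;

function auditManifest(manifest) {
  const hosts = manifest.host_permissions || [];
  return {
    broadHostAccess: hosts.some((h) => h === '<all_urls>' || h.startsWith('*://*/')),
    apiPermissions: manifest.permissions || [],
    contentScripts: (manifest.content_scripts || []).flatMap((cs) => cs.js || []),
  };
}

// Returns one finding per line and category; comments are not stripped, so
// the scan over-reports rather than under-reports.
function auditContentScript(source) {
  const findings = [];
  source.split('\n').forEach((text, i) => {
    if (NETWORK_APIS.test(text)) findings.push({ line: i + 1, kind: 'network', text: text.trim() });
    if (DOM_READ_APIS.test(text)) findings.push({ line: i + 1, kind: 'dom-read', text: text.trim() });
  });
  return findings;
}

// Constructed manifest shaped like the declaration described above.
const SAMPLE_MANIFEST = {
  manifest_version: 3,
  host_permissions: ['<all_urls>'],
  permissions: ['storage'],
  content_scripts: [{ matches: ['<all_urls>'], js: ['content.js'] }],
};

// Constructed content script that only relays messages to the extension.
const RELAY_ONLY = [
  "window.addEventListener('message', (e) => {",
  "  if (e.source !== window || !e.data || e.data.target !== 'wallet') return;",
  "  chrome.runtime.sendMessage(e.data);",
  "});",
].join('\n');

// Constructed counter-example the audit should flag on both lines.
const READS_AND_SENDS = [
  "const form = document.querySelector('form');",
  "fetch('https://telemetry.example/ping');",
].join('\n');

console.log(auditManifest(SAMPLE_MANIFEST));
console.log(auditContentScript(RELAY_ONLY));
console.log(auditContentScript(READS_AND_SENDS));
```

An empty findings list is a starting point for manual review, not proof: pattern matching misses indirect calls, so read every flagged and unflagged content script named in contentScripts.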
Security disclosures or privacy questions: admin@spanielsyndicate.com. Code-level issues: open one in the public issue tracker.
Material changes will be announced via @SpanielSolana and a revised effective date here. We will never silently broaden data collection — the wallet's non-custodial, no-PII-collected posture is the product, not a default that can be flipped.