Privacy policy for HobaWallet
HobaWallet by HobaWallet
HobaWallet Privacy Policy
Last updated: 2025-09-22
This policy describes how HobaWallet (the “Extension”) handles your data.
What the Extension does
- Injects an Ethereum provider into web pages (for dapps) and exposes discovery via EIP‑6963.
- Lets you create or import a wallet and sign transactions/messages.
- Optionally connects to third‑party RPC endpoints and WalletConnect relays to interact with blockchains and dapps.
Data the Extension stores locally
- Encrypted wallet vault (seed phrase/private keys) in the browser using IndexedDB. The encryption password is never sent anywhere.
- User settings (theme, networks, UI preferences) in IndexedDB and extension storage (Chrome: chrome.storage.local; Firefox: browser.storage.local).
- Session info (e.g., selected account, current chain) in extension storage to improve UX.
All sensitive material (seed/private keys) stays on your device and is encrypted at rest. The Extension does not transmit your keys to any server.
Data the Extension may send
To function, the Extension performs network requests to:
- Blockchain RPC endpoints (e.g., JSON‑RPC URLs you configure or defaults). These services will see your IP address and the on‑chain requests you make (e.g., eth_call, eth_sendRawTransaction).
- WalletConnect relay when using WalletConnect. The relay transports encrypted payloads between your wallet and the dapp. The relay provider may see metadata such as IP and timing information.
- Optional NFT/ENS APIs when you enable related features. These providers may require API keys and will see your IP and the queries made.
- Browser add-on stores (Chrome Web Store and Mozilla Add-ons) for automatic update checks handled by the browser. These services may receive your IP address, the extension identifier, and the installed version. These requests are managed by the browser, not by the Extension.
Token logos and images
- The portfolio and token management views may fetch token logos via public Token Lists (CoinGecko and PancakeSwap). The lists provide logoURI fields that point to third‑party image hosts (commonly https://assets.coingecko.com, https://coin-images.coingecko.com, and https://tokens.pancakeswap.finance). If a token is not found in these lists, the Extension may query the CoinGecko API to look up a logo by chain and contract address.
- What is sent: the browser requests the image URL in the logoURI; when using the CoinGecko API fallback, it sends the chain’s platform slug (e.g., binance-smart-chain) and the token contract address to https://api.coingecko.com. Your IP address is visible to these hosts. No wallet seed, private keys, balances, or identifiers are sent.
- Authentication: if you configure a CoinGecko Pro API key, requests to api.coingecko.com include the x-cg-pro-api-key header. The key is only used for these API calls and is not shared with other services.
- Referrer: the Extension sets referrerPolicy=no-referrer on these image requests to avoid sending the extension page URL as a referrer.
- Accuracy: third‑party logos may be incomplete or outdated. When a logo is unavailable, a non‑identifying fallback icon is shown instead.
- Choice: if you prefer not to load remote logos, you may block these domains at the network level (e.g., uBlock, firewall) or use the Extension in an environment that restricts external image requests. Core wallet functionality does not depend on remote logos.
These third parties have their own privacy policies. You can choose different RPC endpoints/providers in Settings.
Data sharing
The Extension does not collect, sell, or share personal information. It does not run analytics or send telemetry.
Permissions rationale
- Storage: save encrypted vault and settings.
- Offscreen (Chrome only): keep request handling running without the popup open. Not used on Firefox.
- Alarms: schedule occasional state broadcasts for reliability.
- Tabs (optional): used only to improve event delivery (hydrating refreshed tabs) and to open the popup fallback if window creation fails. The Extension works without this permission.
- Content script on http/https: inject the Ethereum provider for dapps to connect. No host permissions are requested beyond the content script match patterns. In Firefox, the permission prompt may read “Access your data for all websites” for this capability; the Extension does not read or track page contents beyond injecting the provider shim needed for dapp connections.
Mozilla Firefox and AMO
- Same behavior and storage: the Add-on uses the same WebExtensions APIs as Chrome. Wallet keys remain encrypted locally in IndexedDB; settings/session data use browser.storage.local.
- No telemetry: the Add-on does not collect analytics or personal data. This matches AMO’s “No data collection” category.
- AMO update/installation checks: Firefox contacts AMO for install and periodic update checks. AMO may see your IP, Add-on ID, and version. These requests are initiated by Firefox and are not controlled by the Add-on.
- Permissions wording: Firefox may display broader-sounding prompts (e.g., “Access your data for all websites”) due to provider injection on http/https pages. The Add-on does not exfiltrate page content.
- Feature parity: where Chrome-only APIs exist (e.g., Offscreen), the Add-on uses Firefox-compatible alternatives or omits the Chrome-only capability without impacting core wallet functionality.
Your choices
- You can remove accounts or clear settings at any time from the UI.
- You can uninstall the Extension to remove it from your browser. Local data may persist until browser data is cleared.
Contact
For questions or requests regarding this policy, open an issue on the project’s GitHub repository.