Chainbox Wallet — Privacy Policy / 隐私政策
English Version
1. Introduction
Chainbox Wallet ("Chainbox", "we", "us", or "our") is a self-custodial, multi-chain cryptocurrency wallet that lets you manage your digital assets and interact with decentralized applications. We are committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and the choices you have.
By installing or using Chainbox Wallet (the "App"), you agree to the practices described in this Policy. If you do not agree, please do not use the App.
2. Information We Do NOT Collect
Chainbox is a non-custodial wallet. The following sensitive data never leaves your device and is never transmitted to our servers:
- Your seed phrase / Secret Recovery Phrase (SRP / mnemonic)
- Your private keys
- Your wallet password / PIN / biometric data
- Your unencrypted balances or transaction history
These secrets are stored only on your device, encrypted at rest using the operating system's keystore (Android Keystore / iOS Keychain) and on-disk encrypted storage. We have no ability to recover them if you lose them.
3. Information We Collect
To deliver and improve the App, we collect a limited amount of data:
3.1 Information you provide
- Public wallet addresses you create or import
- Optional contact list / address book entries (stored locally)
- Optional support communications (email, in-app feedback)
3.2 Information collected automatically
- Device & technical data: device model, operating system version, app version, language, crash logs, performance traces.
- Usage data: anonymized events (e.g. "wallet created", "transaction signed") used solely for product analytics. No private keys, seed phrases, or transaction signatures are collected.
- Network data: public blockchain RPC requests (your public address and the chain RPC endpoint). These are necessary to read on-chain state and broadcast transactions.
4. Permissions We Request and Why
| Android Permission | Purpose | Mandatory? |
|---|---|---|
INTERNET / ACCESS_NETWORK_STATE | Connect to blockchain RPC and dApp services | Yes |
SYSTEM_ALERT_WINDOW | Display WalletConnect approval prompts on top of dApps | Yes |
CAMERA | Scan QR codes (wallet addresses, WalletConnect pairing codes, dApp logins). The camera feed is processed on-device only; no images, video, or QR contents are uploaded to our servers. The camera is activated solely while a scan screen is open and is released as soon as you leave it. | No (only when you tap the scan button) |
RECORD_AUDIO / MODIFY_AUDIO_SETTINGS | Optional voice features (only used when you trigger them) | No |
BLUETOOTH_CONNECT / BLUETOOTH_SCAN / BLUETOOTH / BLUETOOTH_ADMIN | Connect hardware wallets (e.g. Ledger) over Bluetooth | No |
ACCESS_FINE_LOCATION | Required by Android only when scanning for nearby Bluetooth devices. We do not collect, store, or transmit your geographic location. | No |
We do not access your photos, contacts, SMS, call logs, microphone (unless you opt-in to a voice feature), or precise GPS location. The CAMERA permission is used strictly for QR code scanning; you can decline or revoke it in your system settings at any time, and the rest of the App will keep working — only QR scanning will be unavailable.
5. Third-Party Services
- Sentry – crash reporting (anonymized device + stack trace; no wallet data).
- Firebase Cloud Messaging – push notifications.
- Branch.io – deferred deep links for sharing.
- Public blockchain RPC providers (e.g. Infura, Ankr, public RPCs) – read-only blockchain queries and transaction broadcasting.
- WalletConnect – session relays between the App and dApps.
We do not sell your data, and we do not use it for advertising.
6. Data Retention
- On-device data (keys, seed phrase, settings) remains on your device until you uninstall the App or wipe wallet data.
- Crash and analytics events are retained for up to 90 days, then deleted or anonymized.
7. Data Security
- All sensitive material is stored using the device's hardware-backed keystore (Android Keystore / iOS Secure Enclave when available).
- All network traffic is sent over HTTPS / TLS 1.2+.
- The App itself is signed and distributed only through Google Play and the Apple App Store.
No method of transmission or storage is 100% secure; you are responsible for safeguarding the device, lock screen, and seed phrase backup.
8. Children's Privacy
Chainbox is not directed to children under the age of 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have, please contact us and we will delete it.
9. Your Rights
Depending on your jurisdiction (e.g. GDPR / CCPA), you may have the right to:
- access, correct, or delete the personal data we hold about you,
- object to or restrict our processing,
- request data portability,
- withdraw consent at any time,
- lodge a complaint with your local data protection authority.
To exercise any of these rights, email us at service@simplechain.com.
10. International Transfers
Our service providers may process data in countries outside your own. Where required by law, we use appropriate safeguards (such as Standard Contractual Clauses) for these transfers.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will post the new version at this URL and update the "Last Updated" date above. Material changes will be communicated in-app.
12. Contact Us
- Email: service@simplechain.com
- Website: https://www.simplechain.com
中文版本
1. 简介
Chainbox Wallet(以下简称"Chainbox""我们")是一款非托管的多链加密货币钱包,帮助你管理数字资产并与去中心化应用(dApp)交互。我们高度重视你的隐私安全。本《隐私政策》说明我们会收集哪些信息、如何使用,以及你拥有的选择。
下载、安装或使用 Chainbox Wallet(以下简称"本应用")即表示你同意本政策所描述的做法。若不同意,请不要使用本应用。
2. 我们绝不收集的信息
Chainbox 是一款非托管钱包。以下敏感信息永远不会离开你的设备,永远不会上传到我们的服务器:
- 你的助记词(Seed Phrase / Secret Recovery Phrase / SRP / Mnemonic)
- 你的私钥
- 你的钱包密码、PIN 码、生物识别数据
- 你的未加密余额或交易历史
这些机密数据仅保存在你的本地设备,使用操作系统的安全存储(Android Keystore / iOS Keychain)以及磁盘加密保存。一旦丢失,我们也无法帮你找回。
3. 我们收集的信息
为提供与改进服务,我们会收集以下少量数据:
3.1 你主动提供的信息
- 你创建或导入的公开钱包地址
- 你可选维护的本地通讯录 / 地址簿(仅本地保存)
- 你联系客服时提供的内容(邮件、应用内反馈)
3.2 自动收集的信息
- 设备与技术数据:设备型号、操作系统版本、应用版本、语言、崩溃日志、性能指标。
- 使用行为:匿名事件(例如"创建钱包""签署交易"),仅用于产品分析。不包含任何私钥、助记词或交易签名内容。
- 网络数据:公共区块链 RPC 请求(包含你的公开地址与所调用的链/方法)。这是读取链上状态、广播交易所必需的。
4. 我们申请的权限及用途
| Android 权限 | 用途 | 是否必需 |
|---|---|---|
INTERNET / ACCESS_NETWORK_STATE | 连接区块链 RPC 与 dApp 服务 | 是 |
SYSTEM_ALERT_WINDOW | 在 dApp 之上展示 WalletConnect 授权弹窗 | 是 |
CAMERA | 扫描二维码(钱包地址、WalletConnect 配对码、dApp 登录)。摄像头画面仅在本地设备处理,不会有任何图像、视频或二维码内容被上传到我们的服务器。仅在你打开扫码界面期间启用,离开后立即释放。 | 否(仅在你点击扫码按钮时启用) |
RECORD_AUDIO / MODIFY_AUDIO_SETTINGS | 可选的语音功能(仅你主动开启时使用) | 否 |
BLUETOOTH_* / BLUETOOTH_ADMIN | 通过蓝牙连接硬件钱包(如 Ledger) | 否 |
ACCESS_FINE_LOCATION | 仅 Android 系统要求:搜索附近蓝牙设备时必需。我们不会收集、存储或上传你的地理位置。 | 否 |
我们不会访问你的相册、通讯录、短信、通话记录、麦克风(除非你主动开启语音功能)或精确 GPS 定位。CAMERA 权限仅用于扫描二维码;你可随时在系统设置中拒绝或撤销该权限,App 其余功能不受影响,仅扫码功能不可用。
5. 第三方服务
- Sentry —— 崩溃上报(仅匿名设备信息与堆栈,不含钱包数据)。
- Firebase Cloud Messaging —— 推送通知。
- Branch.io —— 链接分享与延迟深链。
- 公共区块链 RPC 服务商(如 Infura、Ankr、各公链官方 RPC)—— 只读链上状态与广播交易。
- WalletConnect —— 在本应用与 dApp 之间中继协议消息。
我们不会出售你的数据,也不会用于广告投放。
6. 数据保留
- 本地数据(密钥、助记词、设置)保留至你卸载应用或清除钱包数据为止。
- 崩溃日志与匿名分析事件最长保留 90 天,到期后会被删除或匿名化。
7. 数据安全
- 所有敏感数据均使用设备硬件级密钥存储(Android Keystore / iOS Secure Enclave)保护。
- 所有网络通信均通过 HTTPS / TLS 1.2+ 传输。
- 本应用经签名后仅通过 Google Play 与 Apple App Store 分发。
任何传输和存储方式都无法做到 100% 安全;你需要妥善保管设备、锁屏密码与助记词备份。
8. 儿童隐私
Chainbox 不面向 13 周岁以下(或所在地区法定最低年龄)的儿童。我们不会有意收集儿童的个人信息;若你发现存在此类情况,请联系我们删除。
9. 你的权利
根据你所在地区的法律(如 GDPR、CCPA 等),你可能享有以下权利:
- 访问、更正、删除我们持有的与你相关的个人信息;
- 反对或限制我们对该信息的处理;
- 数据可携权;
- 随时撤回授权;
- 向当地数据保护机构投诉。
如需行使上述权利,请发送邮件至 service@simplechain.com。
10. 跨境传输
我们的服务提供商可能在你所在地区之外的国家或地区处理数据。如法律要求,我们会采取相应的安全措施(如标准合同条款 SCC)。
11. 政策更新
我们可能会不定期更新本政策。更新后我们会在本页面发布新版本,并同步"最近更新"日期。重大变更将通过应用内通知告知你。