Overview

W2QR does not collect, store, or transmit any personal data. All cryptographic operations run entirely in your browser. No server-side processing of user data occurs.

Data that stays on your device

• Your seed phrase (exists in browser memory only during derivation)
• Your password (never stored — used only for key derivation)
• Encrypted QR payloads (generated and decoded locally)
• Derived signing keys (stored in MetaMask's encrypted Snap state, session-scoped)

Data we never receive

• Your seed phrase or any derivative keys
• Your password
• Your Ethereum addresses or transaction data
• Any analytics on cryptographic operations or signing sessions
• Browser fingerprints or device identifiers

MetaMask Snap

The W2QR Connect Snap runs inside MetaMask's sandboxed execution environment. It stores imported account data in MetaMask's encrypted Snap state. The Snap communicates only with MetaMask locally — it makes no external network requests. Signing sessions are time-limited and expire automatically.

Third-party services

The application is hosted on Vercel, which may log standard HTTP access data (IP address, user agent, request timestamp) as part of normal CDN operation. No third-party analytics, tracking, advertising, or telemetry scripts are included in the application.

Cookies

W2QR does not use cookies. No local storage or session storage is used to track users. The only browser storage used is MetaMask's internal Snap state, which is managed by MetaMask.

Changes to this policy

If this privacy policy changes, the updated version will be posted on this page with a revised date. Since we collect no data, changes are unlikely.

Contact

For questions about this privacy policy, contact alex@vir-tec.net.