Privacy Policy

Last Updated: May 28, 2026

1. Introduction

HotKey is a Chrome wallet extension. This Privacy Policy explains how we handle data when you use the HotKey extension and website.

TL;DR: HotKey does not collect personal data, accounts, private keys, seed phrases, or your wallet activity. Public blockchain data may be sent to Solana infrastructure only to perform actions you request.

2. Data We Do NOT Collect

HotKey does not collect or store:

• Personal information such as name, email, or address
• Analytics or usage data
• IP addresses for product analytics
• Browser fingerprints or tracking cookies
• Advertising identifiers or device identifiers
• Wallet addresses, balances, or transaction history on our servers
• Private keys or seed phrases
• Crash logs, error reports, or performance telemetry

3. Local Data Storage

The extension stores data locally in your browser using Chrome's chrome.storage.local API:

• Encrypted private keys — AES-256 encrypted with your password
• Wallet metadata — wallet names, IDs, and public addresses
• Active wallet selection — which wallet is currently active
• Transaction history — records of your trades and transfers
• Position tracking — bought and sold SOL amounts per token
• Settings — quick-buy amounts, RPC URL, slippage, theme, and execution preferences

Local wallet data stays on your device. Public blockchain data such as wallet addresses, token mints, quotes, and signed transactions may be sent to third-party Solana infrastructure solely to perform requested wallet, swap, pricing, or transaction functions. HotKey does not store this data on its servers or use it for tracking.

4. Third-Party API Requests

The extension makes API requests to third-party Solana infrastructure. These requests may include public wallet addresses, token contract addresses, quote details, or signed transactions, but never your private keys or seed phrases.

Jupiter API

• Used for: swap routing, execution, limit orders, and token pricing
• Data sent: token mints, amounts, and taker address

Helius RPC and DAS API

• Used for: blockchain queries, token metadata, wallet holdings, and transaction submission
• Data sent: token mint addresses, wallet public addresses, and signed transactions

Jito Block Engine

• Used for: optional MEV-protected transaction submission
• Data sent: signed transactions

Solana RPC Nodes

• Used for: blockchain queries and transaction submission
• Data sent: public addresses and signed transactions

5. Data Security

• AES-256 encryption for private keys using password-derived keys
• PBKDF2 key derivation before decrypting local wallet data
• Content Security Policy to reduce XSS risk in extension pages
• Chrome extension isolation through Manifest V3 permissions and service workers
• No inline scripts in extension pages

6. Content Script Permissions

HotKey uses content scripts on supported trading terminals, including Axiom, Padre Terminal, pump.fun, gmgn.ai, Photon, fomo, and DexScreener, to detect token contract addresses.

• Content scripts scan the page DOM for Solana token addresses
• They do not read passwords or sensitive form fields
• They do not inject ads or modify page content
• Detected token addresses are sent only to the extension service worker

7. Browser Permissions

• sidePanel — display the trading UI in the browser sidebar
• storage — store encrypted wallet data locally
• activeTab — communicate with supported terminal tabs
• tabs — query supported terminal tabs for token detection
• scripting — inject detection code when needed

8. No User Accounts

HotKey does not require accounts or authentication with our servers. Your wallet is your identity, and your wallet data remains local.

9. No Cookies or Tracking

HotKey does not use cookies, tracking pixels, advertising identifiers, or analytics services for the extension. We do not participate in ad networks or tracking frameworks.

10. Data Deletion

To delete all extension data:

1. Uninstall the extension from Chrome
2. Or use Chrome's "Clear browsing data" with site data selected

This permanently deletes wallets, encrypted keys, transaction history, and settings stored by the extension. Back up private keys before doing this.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date.

12. Contact

For privacy questions, contact us through the support channels listed at hotkey.space.