Privacy Policy

CTJ Web3 Authentication Extension

Last Updated: February 2026

Overview

The Crypto Trading Journal Web3 Extension is an authentication bridge that connects your existing wallet (MetaMask, Brave Wallet, etc.) to Crypto Trading Journal for passwordless sign-in. This policy explains what data we collect, how we use it, and your rights.

Data We Collect

1. Wallet Address

  • What: Your Ethereum wallet public address (e.g., 0x...)
  • Why: To authenticate you and associate your trading data with your account
  • Storage: Locally in browser extension storage and on our servers for session management
  • Retention: Until you disconnect or clear extension data

2. Chain/Network Information

  • What: The blockchain network you're connected to
  • Why: To ensure operations target the correct network
  • Storage: Locally in browser extension storage
  • Retention: Session-based, cleared on disconnect

3. Session Tokens

  • What: Encrypted authentication tokens
  • Why: To maintain your session without repeated sign-ins
  • Storage: Locally in browser extension storage
  • Retention: 24 hours, then automatically expired

4. SIWE Signatures

  • What: Sign-In With Ethereum message signatures
  • Why: To cryptographically verify your wallet ownership
  • Storage: Temporary during authentication only
  • Retention: Not persisted

Data We Do NOT Collect

  • Private Keys: We never access, store, or transmit your private keys
  • Seed Phrases: We never request your wallet recovery phrases
  • Transaction History: We don't read your wallet's transaction history
  • Token Balances: We don't access your balances
  • Browsing History: We don't track sites you visit
  • Personal Information: No names, emails, or identifiers collected

How We Use Your Data

  1. Authentication: Verify wallet ownership via cryptographic signatures
  2. Session Management: Keep you logged in across browser sessions
  3. Network Routing: Ensure operations target the correct blockchain

Data Sharing

We do NOT sell, rent, or share your data with third parties except:

  • Service Providers: Infrastructure providers bound by confidentiality agreements
  • Legal Requirements: When required by law

Data Security

  • All communication uses HTTPS encryption
  • Session tokens are cryptographically signed and time-limited
  • Wallet signatures use industry-standard EIP-4361 (SIWE) protocol
  • Extension follows Chrome Manifest V3 security requirements
  • Content Security Policy restricts script execution

Your Rights

Access

View your connected wallet address in the extension popup at any time.

Deletion

To remove all extension data:

  1. Click the extension icon
  2. Click "Disconnect"
  3. Optionally, remove the extension from your browser

Opt-Out

Stop using the extension at any time by disconnecting or uninstalling.

Third-Party Wallets

This extension interacts with third-party wallet providers. Review their policies:

Technical Details

Permissions Requested

Permission Purpose
storage Store session tokens and preferences locally
activeTab Inject provider script on authorized pages only
alarms Manage session expiration timers

Host Permissions

The extension only communicates with:

  • https://cryptotradingjournal.xyz
  • https://*.cryptotradingjournal.xyz
  • http://localhost:3000 (development only)

Data Flow

Your Wallet (MetaMask, etc.) (signature only, no private keys) Extension Content Script (encrypted messages) Extension Background Script (HTTPS) Crypto Trading Journal API

No private keys ever leave your wallet. The extension only receives and forwards cryptographic signatures.

Children's Privacy

This extension is not intended for individuals under 18. We do not knowingly collect data from children.

Policy Changes

We may update this policy. Changes will be posted with an updated date. Continued use constitutes acceptance.

Contact

Consent

By installing and using this extension, you consent to the data practices described in this privacy policy.