Privacy Policy

OculusVault · effective 2026-07-04

OculusVault is a non-custodial Hedera wallet delivered as a Telegram Mini App and a Chrome extension. It is designed so that we collect as little as possible and never hold your keys. This policy explains exactly what is and isn't handled.

The short version

What we collect

We do not collect your password, your private key, your name, email, location, browsing history, or contacts.

How we use it

What we never do

Chrome extension permissions

The extension contains no remote code; all logic is bundled and open-source.

Data retention & deletion

Your encrypted wallet record persists so you can keep using your wallet. You control it: removing it from within the app (or contacting us) deletes the stored ciphertext. Because the wallet is non-custodial, deleting the record does not delete your funds — your key (which you alone hold) always controls the on-chain account.

Security

Keys are encrypted with Argon2id + XChaCha20-Poly1305 before leaving your device. Sign-in is verified server-side via HMAC. The server is rate-limited and transmits over HTTPS. The full security model is documented at SECURITY.md.

Open source

Every line is public under Apache-2.0 at github.com/jmgomezl/oculusvaultwallet. You can verify these claims in the code.

Contact

Questions or data-deletion requests: open an issue at github.com/jmgomezl/oculusvaultwallet/issues.