Dungeon GamesDungeon
SwapStakeBuy DGN
HomeSwapStakeBuy DGNDAOBlocksTxsValidatorsBTC Bridge
Dungeon GamesDungeon Chain Explorer
Chain: dungeon-1|Cosmos SDK v0.50|CosmWasm
Whitepaper|Roadmap|dungeongames.io|Dungeon DEX|iOS Wallet|Android Wallet|Desktop Launcher
DashboardCastleAccount

Dungeon Wallet — Privacy Policy

Last updated: 2026-05-02 · Operator: Crypto Dungeon LLC, Dubuque, IA, USA · Contact: admin@dungeongames.io

This policy explains what Dungeon Wallet (the “Extension” and the DungeonWallet mobile apps, collectively the “Wallet”) collects, what it does with it, and what it never does. It is written to be read, not to hide things.

What we collect

Nothing on our servers. We do not run analytics, tracking pixels, or account telemetry against the Wallet. We have no record of who installed it, when, or how often it is used.

The Wallet stores the following only on your device, in chrome.storage.local (extension) or the OS keychain / encrypted AsyncStorage (mobile):

  • Your encrypted seed phrase or private key (AES-256-CBC, key derived from your master password via PBKDF2-SHA256, 10,000 iterations)
  • A hash of your master password (for the “wrong password” fast-fail UX)
  • Account metadata: display names, creation timestamps, HD derivation paths
  • Address book entries you create
  • User preferences: auto-lock timer, hide-balances toggle
  • A list of dApp origins you have granted enable() permission to
  • Optional: custom RPC endpoints you configure
  • Optional: a signed JWT session token for chat.dungeongames.io if you sign in to the chat feature

This data never leaves your device unless you take an explicit action that requires it (signing a transaction, broadcasting it, sending a chat message).

What we transmit when you act

The Wallet makes network requests only when you initiate an action:

  • Reading chain state (balances, validators, tx history): GET requests to public Cosmos LCD endpoints (e.g. api.dungeongames.io for Dungeon Chain, rpc.cosmos.nodestake.org for Cosmos Hub). Your wallet address is included so the LCD can return your data — this is unavoidable and identical to how every Cosmos block explorer works.
  • Broadcasting transactions: POST to a chain's /cosmos/tx/v1beta1/txs endpoint. Public, on-chain by definition.
  • Chat (optional, end-to-end encrypted): when you sign in, your wallet signs an ADR-36 nonce to prove ownership and receives a JWT. Subsequent chat traffic flows over https://chat.dungeongames.io (REST + WebSocket). Message bodies are end-to-end encrypted (X25519 + ChaCha20-Poly1305) between participants — the server stores ciphertext only and cannot read your messages. The X25519 key is deterministically derived from your wallet seed via HKDF, so re-installing the extension with the same seed restores access to existing chat history. Server-visible metadata: who-talks-to-whom, when, message length, recipient X25519 pubkey. This is the same metadata Signal, iMessage, and other modern E2E services leak. Group chats are encrypted once per recipient. We do not yet ship forward secrecy (key ratcheting) — a future compromise of one party's wallet exposes their chat history with that peer; this is on the roadmap. When chatting with a peer who hasn't yet upgraded to an E2E-capable wallet (mobile catching up), messages fall through to plaintext-on-server with a clear UI indicator.
  • WalletConnect (optional): when you pair with a dApp via WalletConnect v2, signing requests flow through relay.walletconnect.com, operated by WalletConnect Inc., who has its own privacy policy at walletconnect.network/privacy.

What we never do

  • We never see your seed phrase, private key, or master password.
  • We never collect, store, or transmit your IP address, user agent, or browsing history.
  • We never inject ads, trackers, or third-party analytics.
  • We never sell, rent, or share data with third parties.
  • We never use remotely-hosted code; the Extension is fully bundled at install time and Chrome verifies its integrity.

Permissions we request (Chrome extension)

storage (encrypted wallet on device), activeTab (origin of the page calling window.keplr), alarms (auto-lock timer), notifications (chat message alerts), and host permissions for *.dungeongames.io (chain RPC and chat backend). Each is justified in the Chrome Web Store listing.

Your rights

Because all sensitive data lives on your device, you control it directly:

  • Export your seed phrase: Settings → Profile → Manage accounts → Export
  • Delete everything: Home → Wipe wallet (irreversibly clears device storage for the Wallet)
  • Revoke dApp access: Settings → Connected dApps → Revoke all (or any individual chain)
  • Sign out of chat: Chat → Sign out — clears the JWT token

Children

The Wallet is not directed at children under 13. Cryptocurrency wallets generally are not appropriate for minors.

Changes to this policy

We will update this page when material changes happen. The “Last updated” date at the top reflects the most recent revision.

Open source

The Extension is open source. You can audit every line of code we run against your wallet at github.com/Ninjaxan/dungeon-wallet-extension.

Contact

Questions, complaints, or requests for deletion of any data we may hold server-side (chat) → admin@dungeongames.io. We respond to good-faith requests promptly.


Crypto Dungeon LLC · Dubuque, Iowa, USA