WhiteOwl emblem
WHITEOWL Autonomous Solana Trading Shell

LEGAL

Privacy Policy

This privacy policy explains how the WhiteOwl browser extension ("Extension") handles user data. Last updated: April 9, 2026.

1. Data We Collect

The Extension collects and processes the following categories of data:

  • Wallet addresses — public Solana addresses you create or import inside the Extension. These are stored locally in your browser using chrome.storage.local.
  • Extension preferences — settings such as UI theme, auto-lock timer, RPC endpoint, and network configuration. Stored locally in chrome.storage.local.
  • Authentication tokens — session tokens for communication between the Extension and your local WhiteOwl server instance. Stored locally.
  • Page context — when you use Token Desk or Inspector, the Extension reads token metadata and page content from the currently active tab to provide analysis. This data is processed in real time and is not stored persistently.
  • Chat messages — messages you send through Signal Chat are transmitted to your local WhiteOwl server for AI processing. Chat history is stored locally on your machine.

2. How We Use Your Data

  • Wallet operations — to display balances, token portfolios, process transactions, and manage wallet switching.
  • Token analysis — to detect token context on pages you visit and provide safety checks, AI-assisted review, and trade signals.
  • AI chat — to send your queries (with optional page context) to the locally running WhiteOwl AI server for analysis and response.
  • Page inspection — to scan pages for potential drainer contracts, phishing patterns, and unsafe dApp interactions.
  • Session management — to authenticate the Extension with your local WhiteOwl server and maintain connection state.

3. Data Storage

All user data is stored locally on your device using the Chrome Extension chrome.storage.local API. The Extension does not maintain external databases or cloud storage for user data.

Sensitive data such as private keys and PIN codes are encrypted locally and never transmitted to external servers. Private keys are only held in memory during active signing operations.

4. Data Sharing

The Extension communicates with the following services:

  • Your local WhiteOwl server (localhost) — for wallet operations, AI chat, token analysis, and runtime communication. This server runs on your own machine.
  • Solana RPC endpoints — to query blockchain state (balances, transactions). The default is the public Solana mainnet RPC; you may configure a custom endpoint.
  • Jupiter Aggregator API — for token price data and swap routing. No personal data is sent; only token addresses.
  • Houdini Swap — only if you explicitly use Private Send. Transaction data required for the exchange is sent to the Houdini Swap service.
  • Axiom.trade — the Extension reads cookies and HTTP authorization headers from axiom.trade and relays them to your local WhiteOwl server. This enables your server to execute authenticated Axiom trading API calls on your behalf. No Axiom data is sent to any other destination.
  • GMGN.ai — the Extension relays WebSocket connection URLs from gmgn.ai to your local server for real-time social/Twitter feed monitoring. Only the WebSocket address is shared; no personal data is transmitted.

We do not sell, rent, or share your personal data with any third parties for advertising, analytics, or marketing purposes.

5. Permissions

The Extension requests the following browser permissions:

  • activeTab — to read token context from the page you are currently viewing when you interact with the Extension.
  • sidePanel — to display the Extension interface as a browser side panel.
  • storage — to persist wallet data, preferences, PIN hash, and session state locally on your device.
  • tabs — to communicate between content scripts and the background service worker, detect page navigation, and capture screenshots for AI analysis when explicitly requested.
  • webRequest — to read HTTP request headers on axiom.trade API domains for authentication session synchronization. The Extension does not modify, block, or redirect any network requests.
  • cookies — to read session cookies from axiom.trade for authentication synchronization with your local WhiteOwl server. No cookies are read from any other domain.
  • alarms — to schedule periodic Axiom session cookie synchronization (once per minute) and background health checks.

Host Permissions

The Extension requests host access to *://*.axiom.trade/* only. This is required for the webRequest and cookies permissions to read authentication headers and session cookies from the Axiom trading platform.

Content Scripts

Content scripts run on all pages (<all_urls>) to provide the following functionality:

  • Wallet Provider — injects a Solana wallet adapter (similar to Phantom or Solflare) so dApps can detect and interact with your WhiteOwl wallet.
  • Token Detection — identifies Solana token addresses on the page to offer one-click analysis and trading.
  • Anti-Phishing Scanner — scans pages for known drainer contract patterns, phishing indicators, and unsafe dApp behaviour to protect your assets.
  • Trading Overlay — renders token info cards, charts, and quick-trade buttons on supported sites (pump.fun, Axiom, DexScreener, Birdeye, etc.).

Content scripts do not collect browsing history, form data, passwords, or any personal information from pages you visit. They only process publicly visible token-related data and page security signals.

6. Security

The Extension implements multiple security layers to protect your data:

  • PIN-gated access for sensitive wallet operations
  • Local-only key storage with encryption
  • Auto-lock after configurable idle timeout
  • Guardian wallet support for co-signer protection
  • Transaction simulation before signing
  • AI-powered drainer and phishing detection

7. Your Rights

You can exercise the following rights at any time:

  • Access — all your data is stored locally and can be inspected via browser developer tools.
  • Delete — uninstalling the Extension removes all locally stored data. You can also clear data via Chrome's extension settings.
  • Export — wallet private keys can be exported through the Extension's built-in export function (PIN required).
  • Port — wallet addresses and seed phrases can be used with any Solana-compatible wallet.

8. Data Retention

All locally stored data (wallet data, preferences, chat history, session tokens) persists until you explicitly clear it through the Extension's settings or by uninstalling the Extension. When the Extension is uninstalled, Chrome automatically removes all data held in chrome.storage.local.

Authentication tokens synced from Axiom.trade to your local server are stored only in server memory and are cleared when the server restarts. They are not persisted to disk.

9. Children's Privacy

The Extension is not intended for use by anyone under the age of 18. We do not knowingly collect data from minors.

10. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated revision date. Continued use of the Extension after changes constitutes acceptance of the updated policy.

11. Remote Code

The Extension does not load or execute any remotely hosted code. All JavaScript is bundled within the extension package. The Extension communicates with your locally running WhiteOwl server via HTTP/WebSocket and with blockchain RPC endpoints via HTTPS, but no executable code is fetched from these sources.

12. Single Purpose

The Extension serves a single, clearly defined purpose: to provide an AI-powered Solana trading assistant with wallet management, token analysis, anti-phishing protection, and chat-based AI interaction for cryptocurrency traders. All features — wallet, token desk, inspector, chat, and trading overlay — support this core purpose.

13. Disclosure of Handling of User Data

In compliance with Chrome Web Store Developer Program Policies, we disclose:

  • The Extension does not sell user data to third parties.
  • The Extension does not use or transfer user data for purposes unrelated to the Extension's core functionality.
  • The Extension does not use or transfer user data to determine creditworthiness or for lending purposes.
  • The Extension does not use user data for advertising or marketing.
  • The Extension does not use user data for tracking or analytics beyond local session state.
  • All data processing is performed locally on the user's device or on the user's self-hosted server.

14. Contact

If you have questions about this privacy policy or the Extension's data practices, please reach out via the Support page.