Privacy Policy — Paybin Wallet Browser Extension

Last Updated: March 3, 2026

Paybin (“we”, “our”, or “us”) operates the Paybin Wallet browser extension (the “Extension”). This Privacy Policy explains how we collect, use, store, and protect your information when you use the Extension.

By installing and using the Extension, you agree to the practices described in this Privacy Policy.

1. Information We Collect

1.1 Account and Identity Information

When you log in through our OAuth authentication flow, we retrieve the following from the Paybin platform:

  • Full name
  • Email address
  • Account identifiers (GUIDs)
  • Account roles and permissions

1.2 Wallet and Financial Data

While using the Extension, the following data is fetched from the Paybin backend and displayed to you:

  • Cryptocurrency wallet addresses
  • Wallet balances and fiat equivalents
  • Daily profit and loss data
  • Supported networks and symbols

1.3 Transaction Data

When you initiate a send or swap operation, the Extension transmits the following to the Paybin backend for processing:

  • Recipient wallet address
  • Transaction amount and currency
  • Selected network and fee rate
  • Optional description or reference ID

1.4 Authentication Credentials

  • OAuth access tokens and refresh tokens are stored locally on your device using Chrome's secure storage API (chrome.storage.local)
  • PKCE (Proof Key for Code Exchange) parameters are used during the login flow and discarded after authentication completes

1.5 Two-Factor Authentication (2FA)

  • 2FA codes you enter for transaction confirmations are transmitted directly to the Paybin backend
  • 2FA codes are never stored locally or logged by the Extension

1.6 DApp Connection Data

  • When you connect the Extension to a third-party website (DApp), the origin of that website is tracked in memory
  • Connected DApp origins are not persisted to disk and are cleared when the browser session ends

2. Information We Do NOT Collect

  • We do not collect browsing history or page content
  • We do not use analytics, telemetry, or tracking services (no Google Analytics, Mixpanel, Sentry, or similar)
  • We do not use cookies
  • We do not sell, rent, or trade your personal information to third parties
  • We do not store private keys — all key management is handled server-side by the Paybin platform
  • We do not read or access content on web pages you visit, except to detect OAuth callback redirects and to inject the wallet provider for DApp connectivity

3. How We Use Your Information

We use the collected information solely for the following purposes:

Purpose | Data Used
Authenticating your identity | OAuth tokens, account identifiers
Displaying your wallet balances | Wallet addresses, balances, fiat values
Processing send transactions | Recipient address, amount, currency, fee rate, 2FA code
Processing swap operations | Source and destination currencies, amount, 2FA code
Switching between accounts | Account identifiers
Enabling DApp connectivity | Wallet address, selected network (shared only with user-approved websites)
Generating QR codes for receiving | Wallet address (processed locally, not sent externally)

4. Data Storage and Retention

4.1 Local Storage

The following data is stored on your device using Chrome's chrome.storage.local API:

Data | Retention
OAuth access token | Until expiration or logout
OAuth refresh token | Until logout
Selected account identifier | Until logout or account switch

4.2 In-Memory Only (Not Persisted)

The following data exists only in the Extension's runtime memory and is cleared when the browser closes:

  • Wallet addresses and balances
  • Transaction history
  • Connected DApp origins
  • User profile information (name, email)

4.3 Data Removal

All locally stored data is cleared when you log out of the Extension. You can also remove all Extension data by uninstalling the Extension from your browser.

5. Data Sharing and Third Parties

5.1 Paybin Backend Services

Your data is transmitted to Paybin backend services (*.paybin.io) for authentication, wallet operations, and transaction processing. These services are operated by Paybin and are subject to this Privacy Policy.

5.2 Third-Party DApps

When you explicitly approve a connection request from a third-party website, the following data is shared with that website:

  • Your selected wallet address
  • Your selected network

No other data is shared with third-party websites. You must approve each connection request before any data is shared.

5.3 No Other Third Parties

We do not share your data with any other third-party services, advertisers, or data brokers.

6. Security

We implement the following security measures to protect your data:

  • OAuth 2.0 with PKCE — Industry-standard secure authentication flow that prevents authorization code interception
  • Origin validation — The Extension only communicates with pre-approved Paybin domains
  • Secure token storage — Authentication tokens are stored using Chrome's built-in secure storage API, isolated from web page access
  • No remote code execution — All Extension code is bundled locally; no code is loaded from external servers at runtime
  • 2FA requirement — Financial operations (send, swap) require two-factor authentication
  • Session isolation — DApp connection data is kept in memory only and isolated per origin

7. Permissions Explained

The Extension requests the following browser permissions:

Permission | Why It's Needed
storage | To securely store your authentication tokens and account selection on your device
activeTab | To establish a wallet connection with the website in your active browser tab
Host access to *.paybin.io | To communicate with Paybin authentication and API services
Content scripts on all URLs | To inject the Paybin wallet provider, enabling DApp connectivity on any website that supports it

8. Your Rights

You have the following rights regarding your data:

  • Access — You can view all data the Extension holds by inspecting the Extension's storage through Chrome Developer Tools
  • Deletion — You can delete all locally stored data by logging out or uninstalling the Extension
  • Revoke DApp access — You can disconnect from any DApp by reloading the page or restarting the browser
  • Account deletion — To delete your Paybin account and all associated data, contact us at the email below

9. Children's Privacy

The Extension is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can take appropriate action.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the “Last Updated” date at the top of this document. We encourage you to review this Privacy Policy periodically.

For significant changes that affect how we handle your data, we will notify you through the Extension or via email.

11. Contact Us

If you have questions or concerns about this Privacy Policy or your data, please contact us: