Security
PolyPulse takes security seriously. Your wallet is self-custodial, meaning only you have access to your funds.
Encryption
Your wallet's private key and seed phrase are encrypted locally using:
| Component | Detail |
|---|---|
| Encryption | AES-256-GCM |
| Key derivation | PBKDF2 with 100,000 iterations |
| Storage | Chrome's chrome.storage.local API |
| Session | Decrypted keys kept in chrome.storage.session (cleared on browser close) |
What This Means
- Your private key never leaves your device in unencrypted form
- Your password is never stored, only used to derive the decryption key
- Closing the browser automatically locks your wallet (session storage is cleared)
- Even if someone accesses your Chrome storage, they cannot read your key without your password
Best Practices
Password
- Use a strong, unique password (16+ characters recommended)
- Do not reuse passwords from other services
- Consider using a password manager
Seed Phrase
- Write it down on paper. Do not store it digitally
- Store it in a secure location (safe, safety deposit box)
- Never share it with anyone, not even PolyPulse support
- Anyone with your seed phrase has full access to your funds
General
- Keep Chrome and PolyPulse up to date
- Only install PolyPulse from the official Chrome Web Store
- Be cautious of phishing sites or fake extension listings
- Lock your computer when stepping away
What We Cannot Do
PolyPulse developers:
- Cannot access your wallet or funds
- Cannot recover lost passwords or seed phrases
- Cannot reverse blockchain transactions
- Cannot view your private key or trading activity
Cloudflare Worker
PolyPulse uses a Cloudflare Worker proxy for certain API calls. This proxy:
- Does not log or store any request data
- Does not track users or sessions
- Exists only to keep API keys secure (not exposed in the extension bundle)