Privacy Policy

Overview

NostrKey is a browser extension developed by Humanjava Enterprises Inc that provides secure Nostr key management and cryptographic signing services. This privacy policy explains how we handle your data and protect your privacy.

Data Collection

NostrKey does NOT collect any user data.

We do not collect, transmit, or store any of the following:

• Personal information (name, email, address, etc.)
• Browsing history or website content
• User activity (clicks, scrolling, keystrokes)
• Location data
• Analytics or telemetry data
• Usage statistics
• Error reports

Data Storage

NostrKey stores the following data locally on your device only using your browser's secure storage API:

What We Store Locally

• Private Keys: Your Nostr private keys (nsec or hex format)
• Profiles: Multiple profile configurations for different identities
• Relay Settings: Your preferred Nostr relay URLs and read/write permissions
• Permissions: Your saved permission preferences for different websites
• Vault Data: Encrypted documents you choose to store
• API Keys: Encrypted API keys you choose to store
• Master Password Hash: If you enable master password encryption

How Data is Stored

• All data is stored locally in your browser using the browser's storage API
• Private keys can be optionally encrypted with a master password
• Data never leaves your device except: (a) when using nsecBunker remote signing, (b) when cross-device sync is enabled, or (c) when publishing to Nostr relays you configure
• Data persists in your browser's local storage

Cross-Device Sync (Optional)

If you enable "Sync across devices" in Settings, NostrKey mirrors a subset of your data to your browser's built-in sync storage:

• Chrome: syncs via your Google account (storage.sync)
• Safari (16+): syncs via iCloud (storage.sync)

What is synced: profiles (without per-site permissions), relay settings, feature flags, vault documents, and API keys.

What is never synced: master password hash, password salt, bunker session tokens, and per-site permission histories.

You can disable sync at any time in Settings. When disabled, no data is written to storage.sync.

Data Transmission

NostrKey only transmits data in the following specific circumstances:

To Nostr Relays (User-Configured)

• Signed Nostr events are sent to relays you explicitly configure
• Encrypted vault documents are stored on relays you choose
• You have complete control over which relays are used
• Relay communication uses the standard Nostr protocol

To nsecBunker (Optional)

• If you use nsecBunker mode, signing requests are sent to your remote signer
• This is an optional feature you must explicitly enable
• You provide the bunker connection URL
• Your private key never touches the browser in this mode

Third-Party Services

NostrKey does not use any third-party analytics, tracking, or advertising services.

The extension communicates only with:

• Nostr Relays: Public relay servers you configure
• nsecBunker: Remote signer you optionally connect to

We do not integrate with or share data with any other services.

Permissions Explained

NostrKey requires certain browser permissions to function. Here's what each permission is used for:

Storage Permission

Required to save your private keys, profiles, relay settings, and preferences locally in your browser. All data remains on your device.

Host Permissions (All URLs)

Required to inject the NIP-07 window.nostr API into web pages, allowing Nostr applications to request signing operations. This is the core functionality of the extension.

ClipboardWrite Permission

Allows you to copy your public keys, relay URLs, and encrypted key exports to your clipboard when you click "Copy" buttons. Only activated by your explicit actions.

SidePanel Permission

Provides a persistent side panel for managing profiles, viewing event history, and accessing your vault without interrupting your browsing.

Security

We take security seriously and implement multiple layers of protection:

• Local Storage Only: All sensitive data stays on your device
• Optional Encryption: Master password encrypts keys at rest
• No External Transmission: Keys never sent to external servers
• User-Controlled Permissions: You decide which sites can request signing
• Open Source: Code is publicly auditable on GitHub
• No Tracking: Zero analytics or telemetry

User Rights

You have complete control over your data:

• Access: View all stored data in the extension settings
• Export: Export your keys and data at any time
• Delete: Remove profiles and clear all data with one click
• Control: Manage permissions for each website individually
• Portability: Your keys work with any NIP-07 compatible extension

Children's Privacy

NostrKey is not directed at children under the age of 13. We do not knowingly collect information from children. If you believe a child has provided data through our extension, please contact us.

Open Source

NostrKey is open source software. You can review the complete source code at:

https://github.com/HumanjavaEnterprises/nostrkey.browser.plugin.src

This transparency allows security researchers and users to verify our privacy claims and audit the code for any concerns.

Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated "Last Updated" date. We encourage you to review this policy periodically.

Material changes will be communicated through:

• Update to this page
• GitHub repository announcements
• Extension update notes (if applicable)

Contact Information

If you have questions about this privacy policy or NostrKey's privacy practices, please contact us:

Humanjava Enterprises Inc
Website: humanjava.com
GitHub: NostrKey Repository
Issues: GitHub Issues

Legal Compliance

This privacy policy complies with:

• Chrome Web Store Developer Program Policies
• General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA)
• Other applicable privacy laws

Since we do not collect any user data, most data protection regulations do not apply to our extension's operation.