CoinWallet

Privacy Policy

CoinWallet is built to keep signing keys on your device. This page explains what stays local, what you can opt into, and what third parties may see when you sync or swap.

Non-custodial by design

CoinWallet is a non-custodial wallet. Your seed phrase and private keys are generated and stored on your device, encrypted at rest when WALLET_DB_KEY is configured. We do not have access to your funds, mnemonics, or signing keys.

What stays on your device

  • Seed phrases, passphrases, and encrypted wallet databases
  • Bitcoin UTXO metadata, labels, coin-control flags, and privacy scores
  • Monero view keys (encrypted) and subaddress labels for XMR wallets
  • Settings, session tokens, and swap history you confirm locally

The desktop app binds its API to localhost only. Unlocking the wallet clears sensitive material from memory when you lock the app or after an idle timeout.

Leaderboard (opt-in only)

The public leaderboard is disabled by default. If you opt in from Settings, only your chosen display name and total balance (in satoshis) are sent to the server. We never upload addresses, mnemonics, UTXOs, or transaction history for leaderboard purposes. Opt out at any time — your entry is removed immediately.

Leaderboard data flow

Your device                         CoinWallet server              Public site
───────────                         ─────────────────              ───────────
Wallet sync (local)
      │
      ▼
Total balance computed ──opt-in──►  display_name + balance_sats ──►  /leaderboard page
      │                               (no addresses / seeds)
      │
      ✕ opt-out ───────────────────►  entry deleted immediately
  • Display names are validated (length, charset, no impersonation).
  • Balance updates are rate-limited and matched to your synced wallet total.
  • Leaderboard reads are cached briefly; no authentication required to view ranks.

BTC ↔ XMR swaps

Swaps are user-initiated only — nothing runs in the background. Before you confirm, the app shows fees, provider name, and custodial risk labels. Only providers on the built-in allowlist can be used; the client cannot point swaps at arbitrary URLs.

Third-party swap providers operate under their own privacy policies. Using a swap temporarily involves those providers and may link on-chain activity across assets.

Network sync & block explorers

Bitcoin sync uses public Esplora APIs to read balances and transactions. That exposes your wallet addresses to the explorer operator — standard for light clients. Monero sync talks to a local or configured monero-wallet-rpc instance; your spend key never leaves the wallet process.

For stronger network privacy, run your own node, point Esplora to it, or route traffic over Tor from Settings.

Advisor AI

Advisor tips are generated locally from your wallet state using rule-based templates — no cloud LLM by default. Optional cloud hints require an explicit server URL in your build config; keys and seeds are never sent. Privacy scores on the in-app Privacy tab use the same local UTXO analysis.

Direct downloads & sideloading

CoinWallet is distributed outside app stores as signed desktop builds. Verify SHA-256 checksums and signature metadata published in releases.json on the Download page before installing. Large Windows installers may be hosted on GitHub Releases instead of this site.

Policy updates

This policy may change when the software is updated. Continued use after an update constitutes acceptance of the revised policy published here. Last updated June 2026.

Questions? See also our Terms of Use.

CoinWallet

Non-custodial Bitcoin wallet for Windows and macOS. Direct downloads — no app stores.

Product

Legal

Security

  • Keys stay on your device
  • Signed builds + SHA-256
  • Testnet default
© 2026 CoinWallet · Non-custodial · Not financial advice