Privacy & Data Use

PENGUARDS is designed for a single purpose: surfacing Abstract Global Wallet session keys, explaining their scopes in readable language, scoring risk, and guiding revocation. The extension follows Chrome Web Store Program Policies and keeps every data flow transparent.

Information We Access

  • Wallet address and Abstract profile metadata - When you connect a wallet, the address is sent to https://backend.portal.abs.xyz/api (the Abstract Portal backend operated by Cube Inc.) to retrieve the associated profile name, avatar metadata, and tier so you can confirm the correct account. The response remains inside the popup and is cached in React Query memory for up to five minutes.

  • Session configuration data - Active session keys, validator verdicts, expiry windows, spend limits, and constraint scopes are read from the Abstract Session Key Validator via https://api.mainnet.abs.xyz/ so the extension can compute risk scores and display revoke actions. These details are derived from on-chain logs and public Abstract APIs.

  • Function signature lookups - The selector for each allowed contract call is sent to https://www.4byte.directory/ to resolve a human-readable signature, helping translate raw policies into natural language.

  • Local cache - Non-sensitive metadata (contract names, function signatures, bytecode string hints) may be stored in memory or localStorage with explicit TTL-based eviction. Wallet secrets, private keys, seed phrases, authentication cookies, personal communications, location data, and browsing history are never collected or stored.

All network requests use HTTPS. The extension contains no analytics SDKs, advertising frameworks, or background tracking scripts.

How We Use Information

  • Display the connected wallet's Abstract profile so you can visually confirm the account in scope.

  • Render readable descriptions of session permissions, risk scores, and severity indicators.

  • Invoke Abstract revocation workflows to close session keys you no longer trust.

Information is used strictly for these purposes. It is not sold, shared with unrelated third parties, or repurposed for advertising, credit decisions, or behavioral profiling. Any processing of personal data by Abstract itself is governed by their published policies at https://www.abs.xyz/privacy-policy and https://www.abs.xyz/terms-of-service.

Your Controls

  • Disconnect the wallet in the popup to stop further profile lookups.

  • Clear cached metadata using Chrome's extension storage tools.

  • Remove the extension to delete all locally cached information.

Contact & Updates

Policy updates will adjust the "Last updated" date and ship with each new release. For privacy inquiries, email [email protected]. You can also reference the official Abstract privacy resources linked above for platform-level data handling practices.

PreviousRevoking Sessions SafelyNextHelp & FAQ

Last updated