Privacy
monero-web is a non-custodial wallet. We do not collect, store, or transmit anything that could be used to identify you, recover your funds, or link you to your Monero activity.
What we do not collect
- Your seed phrase — never transmitted, never logged, never leaves your browser tab. All key derivation runs locally inside your tab using JavaScript that you can read in DevTools.
- Your private spend key, view key, or address — derived in your browser from your seed and used only inside your tab.
- Your wallet balance, transaction history, or contacts — these are not currently scanned at all (the wallet only does receive flows today). When balance scanning is added, it will be opt-in and route through infrastructure we explicitly document.
- Cookies, fingerprints, or analytics IDs — there are no third-party scripts or cookies on this site at all. Open DevTools → Application → Cookies on any page and the list is empty.
- Email addresses — there is no signup, no newsletter, no waitlist.
- IP addresses — Cloudflare (our CDN) sees the IP that requests each page, like every web host on the planet does, but we have no logging on top of that and never inspect Cloudflare's analytics for individual visitors.
What the wallet does send over the network
The dashboard makes a small number of read-only RPC calls to public Monero remote nodes through a same-origin proxy at /api/proxy. Specifically:
- get_info and get_block_count — to show the current network height and connection state.
- get_fee_estimate — to show the current recommended fee.
None of these calls include your address, your view key, or any other information that could identify you or your wallet. The proxy forwards them to one of three public Monero remote nodes (Cake Wallet, MoneroDevs, Triplebit) and returns the response. No request is logged on our side.
You can also configure a custom node URL in the dashboard settings. When set, RPC calls go directly to your own node instead of through our proxy — if you run your own monerod, monero-web sees zero network traffic of yours at all.
What Cloudflare can see
monero-web.com is hosted on Cloudflare Pages and sits behind Cloudflare's CDN. As with any CDN, Cloudflare's edge servers see:
- The HTTP requests for the static files (HTML, JS, fonts, images)
- The HTTP requests for the proxy endpoint (the JSON-RPC payloads going to public Monero nodes)
- Visitor IP addresses and standard request metadata
None of the information that flows through Cloudflare contains your seed, your keys, or your wallet contents. It is exactly the same set of information any visit to any website on the public internet exposes.
If your threat model requires hiding even the fact that you visited monero-web.com, route your browser through Tor Browser. The site works fine over Tor — there are no captchas, no JavaScript that breaks under Tor, and no server-side checks that block .onion-style traffic.
Sessions and storage
When you derive a wallet, the resulting keys are stored in your browser's sessionStorage — which means they live only in the current tab and are wiped automatically when you close it. You can also set an optional session password; if you do, your keys are AES-GCM encrypted in sessionStorage using a key derived from that password (PBKDF2-SHA256, 250 000 iterations) and decrypted only on demand.
The wallet has an idle auto-lock that fires after 10 minutes of inactivity. With a session password set, locking only wipes the in-memory keys — you can re-unlock by re-entering the password without re-deriving from your seed. Without a password, locking wipes everything and bounces you back to the seed entry screen.
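The session-password scheme described above (PBKDF2-SHA256 at 250 000 iterations feeding AES-GCM), written with the Web Crypto API as an added example; it is not monero-web's own code. The 16-byte salt, 12-byte IV, 256-bit key length, JSON record layout and all function names are assumptions, and the wallet keys in any call are constructed sample values.

```javascript
// Added illustration, not monero-web's code. Only AES-GCM, PBKDF2-SHA256 and
// the 250 000 iteration count come from the page; salt/IV sizes, the 256-bit
// key length and the record layout are assumptions.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;
const ITERATIONS = 250000;

const toB64 = (bytes) => btoa(String.fromCharCode(...new Uint8Array(bytes)));
const fromB64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));

// Stretch the session password into a non-extractable AES-GCM key.
async function deriveKey(password, salt) {
  const material = await webcrypto.subtle.importKey(
    "raw", new TextEncoder().encode(password), "PBKDF2", false, ["deriveKey"]);
  return webcrypto.subtle.deriveKey(
    { name: "PBKDF2", hash: "SHA-256", salt, iterations: ITERATIONS },
    material,
    { name: "AES-GCM", length: 256 },
    false, // the derived key cannot be exported by script
    ["encrypt", "decrypt"]);
}

// Encrypt the wallet keys under a fresh salt and IV; returns a storable string.
async function sealKeys(password, walletKeys) {
  const salt = webcrypto.getRandomValues(new Uint8Array(16));
  const iv = webcrypto.getRandomValues(new Uint8Array(12));
  const key = await deriveKey(password, salt);
  const plaintext = new TextEncoder().encode(JSON.stringify(walletKeys));
  const ct = await webcrypto.subtle.encrypt({ name: "AES-GCM", iv }, key, plaintext);
  return JSON.stringify({ salt: toB64(salt), iv: toB64(iv), ct: toB64(ct) });
}

// Decrypt on demand. A wrong password or an altered record fails the GCM
// authentication tag check, which surfaces here as null.
async function openKeys(password, record) {
  const { salt, iv, ct } = JSON.parse(record);
  const key = await deriveKey(password, fromB64(salt));
  try {
    const pt = await webcrypto.subtle.decrypt(
      { name: "AES-GCM", iv: fromB64(iv) }, key, fromB64(ct));
    return JSON.parse(new TextDecoder().decode(pt));
  } catch {
    return null;
  }
}
```

In a browser, the string returned by sealKeys is what would be written to sessionStorage, so the plaintext keys never sit in storage while a password is set.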
Third parties
The site itself loads from one origin only: monero-web.com (served by Cloudflare). It does not load any external JavaScript, fonts, analytics scripts, or images. Specifically:
- No Google Analytics, Plausible, Fathom, or any other analytics service
- No Google Fonts — fonts are self-hosted at /fonts/
- No external QR generator — the QR code in the receive modal is rendered by a vendored pure-JavaScript library
- No CDN-hosted libraries — every script comes from our own origin
For the curious
Everything described here can be verified by reading the source code on GitHub or by opening DevTools → Network on any page of monero-web.com and watching exactly which requests are made. The full security and threat model is documented in the README and the disclosure policy is in SECURITY.md.
Changes to this page
If anything on this page changes, the change will be visible in the git history of privacy.html in the public repository. There is no other notification mechanism because there is no mailing list and no user accounts.