Privacy Policy

Nimora Wallet · Last Updated: April 14, 2026

§Overview

Nimora Wallet ("we", "our", "the extension") is a non-custodial Sui blockchain wallet browser extension developed by Cryptokarigar. This policy explains what information the extension handles and how.

§Information We Collect

We do not collect, transmit, or store any personal information on our servers. Nimora Wallet is a fully client-side extension. We have no backend servers, no analytics, and no telemetry.

Data Stored Locally on Your Device

  • Wallet accounts — Sui addresses and public keys
  • Passkey credentials — WebAuthn credential identifiers (private key material never leaves your device's secure hardware)
  • Transaction history cache from public Sui RPC endpoints
  • User preferences — network, theme, and UI settings
  • dApp connections — approved sites
  • Short-lived session unlock timestamp

This data never leaves your device.

§Information We Do Not Collect

  • Private keys, seed phrases, or passkey secrets
  • IP address, browser fingerprint, or device identifiers
  • Browsing history or activity outside the extension
  • Cookies, advertising IDs, or third-party trackers
  • We do not sell or share any data

§Third-Party Services

The extension communicates directly from your browser with the following public services. We do not operate or control these services, and no data is proxied through our servers.

ServicePurpose
fullnode.{mainnet,testnet,devnet}.sui.ioSui blockchain RPC
sui-mainnet.mystenlabs.comSui RPC fallback
graphql-beta.{mainnet,testnet}.sui.ioSui GraphQL indexer
api.coingecko.comToken price data
7k.agSwap aggregator (only when using swap)
suivision.xyz, suiscan.xyz, explorer.polymedia.appBlock explorer links

When you interact with these services, their own privacy policies apply. Requests include standard network metadata (IP address, user agent) that those services may log.

§Permissions

  • storage — store wallet data locally
  • activeTab — inject the Sui Wallet Standard interface
  • sidePanel — open the wallet in the browser side panel
  • host_permissions — communicate with Sui RPC/GraphQL endpoints

§Connecting to dApps

When you connect Nimora to a dApp, that dApp learns your Sui public address and can request signatures on transactions and messages. You must explicitly approve each connection and each signature. The extension does not auto-sign.

§Passkey Authentication

Nimora uses WebAuthn passkeys. Passkey private keys are generated and stored by your operating system or hardware authenticator (Touch ID, Windows Hello, YubiKey, etc.) and never exposed to the extension or to us. The extension only sees public keys and signatures produced during authentication.

§Security

  • All signing operations require passkey verification
  • The extension blocks known-dangerous operations (e.g. 0x2::address_aliascalls that could compromise accounts)
  • RPC endpoints are restricted to an allowlist
  • No remote code execution — the extension ships with all its code

§Children's Privacy

Nimora Wallet is not intended for users under the age of 13.

§Changes to This Policy

We may update this policy from time to time. Material changes will be announced through the extension's release notes. The "Last Updated" date at the top reflects the most recent revision.

§Contact

Cryptokarigar
Email: team@cryptokarigar.com
Website: cryptokarigar.com