Security
Altitude Wallet is built around a single principle: no one but you can access your funds. This isn't a policy — it's enforced at the technical level.
Your Keys Never Leave Your Device
Private keys are generated and stored exclusively on your device, inside an encrypted vault. They are never uploaded to any server, never shared with the backend, and never exposed to web pages or browser tabs.
When you send a transaction, the backend only receives the already-signed result — it never sees your key.
The UI Cannot Access Your Keys
The wallet interface and the signing process run in completely separate, isolated browser contexts. This means even if the UI were somehow compromised — by a malicious extension, a browser bug, or a supply chain attack — it still could not access your private keys.
The UI sends a signing request to the background process. The background signs it and returns only the result. Keys never cross that boundary.
Encrypted at Rest
Even if someone gains physical access to your computer, they cannot read your keys. The vault is encrypted using your password, which means:
- Without the correct password, the vault is unreadable
- The password itself is never stored — it only exists in memory while the wallet is unlocked
- Closing the browser clears all key material from memory automatically
Every Transaction Requires Your Confirmation
Nothing is signed without your explicit approval. Before any transaction goes through, you see the full details — recipient, amount, and network fee. The key is decrypted only at the moment you confirm, then cleared from memory immediately.
This means a compromised browser tab or a malicious website cannot silently move your funds.
Wallet Recovery
Your wallet is backed by a 12- or 24-word secret phrase — the industry-standard BIP-39 format used by all major wallets including MetaMask, Ledger, and Trezor. This means:
- You're never locked in — your wallet can be restored in any BIP-39-compatible app
- The phrase is generated locally in your browser, never transmitted anywhere
- It's the only way to recover your wallet if you lose access to your device
- It's shown once during setup and kept hidden until you explicitly choose to reveal it
Keep it offline, in a safe place. Anyone with this phrase can access your funds.
Token Approval Visibility
When you use DeFi protocols — swaps, lending, staking — you often grant them permission to spend your tokens on your behalf. These permissions persist indefinitely on-chain and are easy to forget about. If a protocol is later exploited or goes rogue, any unlimited approval can be used to drain your wallet without any further action from you.
Altitude Wallet gives you a clear view of every active approval across all supported chains, with a one-click revoke flow to remove access from any contract at any time.
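One way a wallet could build the approval view described above, as an added example (not Altitude Wallet's own code): it replays ERC-20 `Approval` logs, keeps the latest allowance per token and spender, drops revoked entries, and flags unlimited grants. The function name, the input log shape and all sample addresses are assumptions constructed for illustration.

```javascript
// keccak256("Approval(address,address,uint256)"): the standard ERC-20 event topic.
const APPROVAL_TOPIC =
  "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925";
const MAX_UINT256 = (1n << 256n) - 1n;

// An indexed address topic is a 32-byte word; the address is its low 20 bytes.
const topicToAddress = (t) => "0x" + t.slice(-40).toLowerCase();

// logs: objects shaped like eth_getLogs results, in any order (assumed input shape).
function activeApprovals(logs, owner) {
  const latest = new Map();
  const ordered = logs
    // ERC-721 reuses this topic hash but indexes tokenId too (4 topics): skip it.
    .filter((l) => l.topics.length === 3 && l.topics[0] === APPROVAL_TOPIC)
    .filter((l) => topicToAddress(l.topics[1]) === owner.toLowerCase())
    .sort((a, b) => Number(a.blockNumber) - Number(b.blockNumber) ||
                    Number(a.logIndex) - Number(b.logIndex));
  for (const l of ordered) {
    const key = l.address.toLowerCase() + ":" + topicToAddress(l.topics[2]);
    latest.set(key, BigInt(l.data)); // the most recent event per pair wins
  }
  const active = [];
  for (const [key, allowance] of latest) {
    if (allowance === 0n) continue; // approve(spender, 0) is a revoke
    const [token, spender] = key.split(":");
    active.push({ token, spender, allowance, unlimited: allowance === MAX_UINT256 });
  }
  return active;
}

// Constructed sample data (not real addresses or logs).
const addr = (c) => "0x" + c.repeat(40);
const topic = (a) => "0x" + "0".repeat(24) + a.slice(2);
const word = (n) => "0x" + n.toString(16).padStart(64, "0");
const log = (token, owner, spender, value, blockNumber, logIndex, extra = []) => ({
  address: token, blockNumber, logIndex, data: word(value),
  topics: [APPROVAL_TOPIC, topic(owner), topic(spender), ...extra],
});
const ME = addr("1"), DEX = addr("a"), LENDER = addr("b");
const SAMPLE_LOGS = [
  log(addr("7"), ME, LENDER, 0n, 12, 0),             // later revoke of the 500 below
  log(addr("7"), ME, DEX, MAX_UINT256, 10, 0),       // unlimited, still active
  log(addr("7"), ME, LENDER, 500n, 11, 2),
  log(addr("8"), ME, DEX, 1000n, 9, 1),              // bounded, still active
  log(addr("8"), addr("2"), DEX, MAX_UINT256, 9, 0), // someone else's approval
  log(addr("9"), ME, DEX, 0n, 9, 3, [word(42n)]),    // ERC-721-style, 4 topics
];
console.log(activeApprovals(SAMPLE_LOGS, ME));
```

Event replay may not reflect allowance a spender has already consumed through `transferFrom`, so a production view would confirm each remaining entry with the token's `allowance(owner, spender)` call before displaying it.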
What We Don't Do
We have no account system. We don't know your wallet address unless you tell us. We don't collect analytics, we don't log your transactions, and we don't store any data that could identify you or link you to your funds.
The backend exists solely to aggregate blockchain data — balances, history, token prices — and serve it efficiently. It has no access to your keys and no record of who is querying it.