Privacy Policy
Shadow Wallet (影子數位皮夾, "the App") is an open-source digital credential wallet. This policy explains how the App handles your data. In one sentence: your data stays on your device and does not leave it.
1. What we do not collect
- No accounts, no sign-up, no identity tied to use.
- No third-party analytics, tracking, or crash reporting SDKs (no Google Analytics, Firebase, Sentry, Crashlytics, Amplitude, Mixpanel, etc.).
- No credentials, private keys, or usage logs stored in any cloud.
- No advertising, ad serving, or data sharing with ad networks.
2. Data stored on your device
The following data is stored only on your device and protected by the operating system's security mechanisms:
- Verifiable Credentials — stored in a SQLite database encrypted with SQLCipher.
- Private keys — stored in the iOS Keychain or Android Keystore, protected by PIN and biometrics, and never leave your device.
- App settings — user preferences, language, trust list sources, and the like.
Uninstalling the App clears all of the above. If you lose your PIN without a backup, your credentials cannot be recovered.
3. Network requests
The App only makes outbound requests in the following situations, each of which targets an endpoint that you — or the system default you accept — have explicitly chosen:
- Trust list download — By default the App fetches the issuer trust list from https://frontend.wallet.gov.tw (Taiwan's Ministry of Digital Affairs). You can change this endpoint to any other trust list in the settings.
- Credential issuance (OID4VCI) — After you scan a QR code from an issuer, the App requests a credential from that issuer's endpoint following the OpenID for Verifiable Credential Issuance specification.
- Credential presentation (OID4VP) — When a verifier requests a credential, the App sends the fields you approve — and only those fields — to that verifier.
All three request types are triggered by an explicit user action. The App never silently sends credential contents, private keys, or usage logs to any server.
4. Permissions
- Camera — used to scan QR codes (issuance and presentation).
- Biometrics (Face ID / Touch ID / fingerprint) — used to unlock the wallet or authorize signing. The biometric data itself is managed by the operating system; the App only receives a success/failure result.
5. Platform-level data
When you download, update, or use the App through the App Store or Google Play, the platforms themselves (Apple, Google) may collect aggregate statistics such as download counts, device model, and crash diagnostics. Those data are handled by the platform, not actively collected by the App.
6. Children's privacy
The App is not designed for children under 13, and it does not intentionally collect data from children. Because the App does not collect any personal data in the first place, no children's data is at risk of leaking.
7. Your rights
Because the App does not send data to any server, there is no server-side "deletion request" or "data portability" action to perform. You can at any time:
- Delete individual credentials, or wipe the whole wallet, from inside the App.
- Uninstall the App to clear all on-device data.
8. Open source and auditable
The App's full source code is published on GitHub under the MIT license. You are encouraged to verify that the behavior described in this policy matches the actual code.
9. Changes to this policy
If this policy is updated, the new version will be published on this page with a new effective date. Material changes (such as introducing any new data collection) will be surfaced inside the App as a notification.
10. Contact
For questions about this policy, or to report behavior inconsistent with it, contact: tonyq@tonyq.org