avian-flightdeck

Privacy-First Approach

This document outlines the comprehensive privacy approach implemented in the Avian FlightDeck Wallet.

Table of Contents

  1. Core Privacy Principles
  2. Data Protection Measures
  3. Wallet Address Privacy
  4. Notification Privacy
  5. Audit Logging Privacy
  6. User Control
  7. Testing Your Privacy

Core Privacy Principles

The Avian FlightDeck Wallet implements these fundamental privacy principles:

  1. Data Minimization: We collect and store only what’s absolutely necessary
  2. No User-Wallet Linking: We avoid creating permanent links between user accounts and wallet addresses
  3. Cryptographic Verification: Wallet ownership is verified through signatures, not database records
  4. Local Verification: Critical security checks happen locally on the device
  5. Data Truncation: Identifiers are truncated or hashed when stored in audit logs
  6. No User Tracking: We do not track users across different sessions or devices
  7. Transparent Data Handling: All data collection and processing is documented

Data Protection Measures

Client-Side Security

Client-Side Security

Wallet Address Privacy

Privacy-Preserving Storage

The application implements several privacy-preserving techniques:

  1. Local Only Storage: Wallet addresses and keys never leave your device
  2. Password Encryption: User-provided passwords encrypt sensitive data
  3. Ownership Verification: Cryptographic signatures verify ownership locally

Implementation

The wallet privacy implementation uses:

// Example of local signature verification
const isOwner = verifyWalletSignature(walletAddress, message, signature);

Local Storage Structure

The IndexedDB storage structure is designed for privacy:

Notification Privacy

The client-side notification system provides enhanced privacy through:

For complete details on the notification system, see Notifications.

Audit Logging Privacy

Our local security audit logging implements these privacy protections:

  1. Identifier Truncation: All identifiers (wallet addresses, device IDs) are truncated to show only enough information for debugging.
  2. Minimal Context: Audit logs only record that a change happened, not the specific values changed.
  3. Local Storage Only: Security logs are stored only on the user’s device.
  4. User Control: Users can clear logs at any time through the security settings.

User Control

Users have comprehensive control over their data:

Testing Your Privacy

To verify the privacy protections are working:

  1. Check the security audit logs to ensure no full identifiers are being stored
  2. Use browser developer tools to examine IndexedDB storage content
  3. Confirm that notification preferences are stored locally
  4. Use browser network tools to verify that no sensitive data is transmitted