Privacy

CredChains privacy notice.

This notice explains how TretaTech LLC handles information submitted through the CredChains marketing site.

Controller

TretaTech LLC is the controller for information submitted through credchains.com. Contact us at team@credchains.com.

Contact form data

When you submit the contact form, we collect the name, work email, organization, and message you provide. We use that information to respond to your inquiry, evaluate fit, and manage the relationship you asked us to start.

Processors

We use HubSpot to receive and manage contact form submissions and to maintain our customer relationship records. HubSpot stores the contact information you submit on our behalf. This site does not load any third-party analytics tracker and does not set tracking cookies.

Legal basis

We process contact form submissions because you asked us to respond and acknowledged that TretaTech LLC may process the information for that purpose.

Your rights

You may ask us to access, correct, delete, or restrict use of your contact information. You may also object to processing where applicable. Email team@credchains.com and we will respond.

Retention

We keep contact form submissions only as long as needed to respond, manage follow-up, or meet legal and operational obligations.

Sensitive data

Please do not submit sensitive personal data through the contact form.

CredChains Wallet Extension

The CredChains Wallet Chrome Extension is designed for managing blockchain-based digital credentials. Below is our justification for each permission requested.

Storage Permission Justification

Permission: storage

Why we need it: The extension uses Chrome storage to securely store your wallet credentials locally on your device. Specifically:

  • Encrypted private key: Your wallet's encrypted private key is stored using AES-256-GCM encryption. The key is never transmitted to any server.
  • Wallet address: Your public wallet address is stored for quick access and display.
  • Session management: Temporary session data enables auto-lock functionality after 15 minutes of inactivity for security.

Data collected: No personal data is collected. Only cryptographic wallet data (encrypted private key, public address) is stored locally.

Third-party sharing: Storage data is never shared with third parties. All data remains on your device.

Alarms Permission Justification

Permission: alarms

Why we need it: The extension uses Chrome alarms to automatically lock your wallet session after 15 minutes of inactivity. This is a critical security feature that:

  • Clears temporary session data from storage
  • Requires password re-entry to access credentials
  • Protects your credentials if you step away from your device

How it works: When you unlock your wallet, an alarm is set for 15 minutes. When triggered, the alarm clears session keys, locking the wallet until you re-authenticate.

Data collected: No data is collected. Alarms are used purely for timing security session expiration.

Host Permissions Justification

Permissions:

  • http://localhost:5050/* — Local development
  • http://127.0.0.1:5050/* — Local development
  • https://us.credchains.com/* — Production platform
  • https://credchains.com/* — Marketing site

Why we need it: The extension only interacts with CredChains platform endpoints to:

  • Claim credentials: When you click a claim link on credchains.com or us.credchains.com, the extension receives the claim request and prompts you to sign.
  • Verify credentials: The extension can display credential details when viewing verify pages on the CredChains platform.
  • Local development: Developers building on CredChains can test the extension against local instances.

What we do with access: The extension only listens for credential claim messages from these domains. It does not read or modify page content except to inject the wallet provider for credential interactions.

Third-party sites: The extension does not interact with any third-party websites. Host permissions are limited to CredChains-owned domains only.

Remote Code Justification

Declaration: This extension does NOT load or execute remote code.

Architecture: All extension code is bundled at build time and included in the extension package submitted to the Chrome Web Store:

  • Background service worker: dist/background/background.js — Handles wallet cryptography and message routing
  • Popup UI: popup/popup.html and related scripts — User interface for wallet management
  • Content scripts: dist/content_scripts/wallet.js — Injects wallet provider into CredChains pages
  • Injected script: content_scripts/injected.js — Provides EIP-1193 provider to web pages

No dynamic code: The extension does not use eval(), Function() constructor, or dynamically load JavaScript from external URLs. All code is static and auditable in the extension package.

Dependencies: The extension uses ethers.js (bundled at build time) for cryptographic operations. No code is fetched from CDNs or remote servers at runtime.

Extension Data Practices Summary

  • Data stored: Encrypted wallet key, public address (local device only)
  • Data transmitted: Only cryptographic signatures for credential claims (never private keys)
  • Third-party sharing: None
  • Analytics: None
  • Advertising: None

For questions about the CredChains Wallet Extension, contact team@credchains.com.