Last updated: June 2025
Mist Wallet is a non-custodial, multi-chain Ethereum wallet for desktop (Windows, macOS, Linux) and a developer SDK. Our mission is to make self-custody and on-chain interactions safer and clearer.
Legal entities & correspondence:
Support: support@mist.app • Media/partnerships: press@mist.app
We design for data minimization. Here is a transparent view across our website, desktop app, and SDK:
| Data category | Examples | Where | Purpose | Control |
|---|---|---|---|---|
| On-device secrets | Private keys, seed phrases, derived keys | Desktop app | Wallet functionality | Never leaves device |
| Wallet metadata | Addresses, chain IDs, public asset balances (from RPC) | Desktop app / SDK | Show balances, build transactions | User-controlled |
| Diagnostics (optional) | App version, OS info, anonymized crash traces | Desktop app | Reliability, debugging | Opt-in / Opt-out |
| Product analytics (minimal) | Aggregated feature usage (no keys, no raw tx data) | Desktop app / Website | Improve UX, roadmap decisions | Toggle in settings |
| Support interactions | Emails, tickets, logs you choose to share | Support | Answer questions, resolve issues | Your choice to submit |
| Web telemetry | Basic visits, pages, referrers (cookie-lite) | Website | Site performance & security | Consent where required |
We do not sell your personal data. We don’t run ads. We do not build cross-site profiles. Blockchain interactions are public by design, but you decide which addresses to use and share.
We use a small set of cookies/local storage entries to keep the site secure and useful. Categories:
| Type | What it does | Storage | Expiry | Required |
|---|---|---|---|---|
| Essential | Load balancing, CSRF protection, fraud prevention | Cookie | Session → 24h | Yes |
| Preferences | Remember OS recommendation, language, reduced motion | Local Storage | Until cleared | Optional |
| Analytics | Aggregate page views, without cross-site tracking | Cookie / Local Storage | 6–13 months (jurisdiction-dependent) | Consent where required |
You can adjust browser settings to block or delete cookies. Some features may degrade if essential cookies are blocked.
Non-custodial by design. Keys are generated and stored on your device. Signing happens locally via OS-level cryptography APIs where applicable.
When you connect to chains (Ethereum mainnet, L2s), your client talks to RPC endpoints you configure or that we provide as defaults. These third-party endpoints may receive your IP address, wallet address, and request metadata. You can switch providers or run your own node.
Discovery and session protocols exchange public metadata (e.g., peer name, chain, capabilities). They are not used by us to build marketing profiles.
If enabled, the app may send anonymized crash traces, OS version, app version, and performance counters. No private keys or raw transaction payloads are included. You can disable diagnostics in app settings.
Retention. We keep personal data only for as long as needed for the purposes above, then delete or anonymize it. Typical windows:
Security. We apply least-privilege access, encryption in transit, strict origin checks, request rate-limits, and audit logs for sensitive flows. Private keys never leave your device.
Depending on where you live, you may have some or all of the following rights. We honor valid requests regardless of where you are when feasible.
To exercise rights, see Contact & requests.
Our operations are in Switzerland and the UAE, with infrastructure that may be located in the EU and other regions. When transferring data internationally, we rely on appropriate safeguards, such as Standard Contractual Clauses where relevant.
EU/EEA & UK: GDPR/UK GDPR apply. Swiss nFADP applies in Switzerland. We implement contractual safeguards with processors outside these areas.
US (California): We do not sell or share personal information for cross-context behavioral advertising as defined by CPRA.
For privacy questions or to exercise rights, contact us at support@mist.app. We may ask you to verify your identity and ownership of relevant wallet addresses to protect your data.
Response times vary by jurisdiction (typically within 30 days).
We may update this Privacy Policy to reflect product changes, legal requirements, or best practices. We’ll adjust the “Last updated” date and, when changes are material, we’ll provide a more prominent notice.
Last updated: June 2025
