Podkey ← Home

Privacy Policy

Last updated: 2026-06-16

Podkey is a browser extension that holds a Nostr/did:nostr key on your device and uses it to sign Nostr events (NIP-07) and to authenticate to Solid pods over NIP-98. It is a local signer: your key never leaves your device, and Podkey has no servers, no accounts, and no analytics.

What Podkey stores, and where

All data is stored locally in the browser's extension storage. Nothing is sent to the Podkey developers or any third party.

DataWhereNotes
Private keystorage.local, encryptedStored only as an AES-256-GCM ciphertext, wrapped by a scrypt key derived from your passphrase. The plaintext key is never written to disk.
Private key (unlocked)storage.session, in-memoryAfter you unlock, the decrypted key is held in memory for the browser session, then cleared when the browser closes.
Public keystorage.localYour did:nostr identity. Not secret.
Trusted originsstorage.localSites you approved to sign without re-prompting, plus an optional per-site auto-sign preference. Revocable from the popup.

There is no telemetry, no tracking, no advertising identifiers, and no remote logging. Podkey collects none of your browsing history or page content.

How your key is used

Permissions, and why

Data sharing and retention

Back up your private key before forgetting it or uninstalling. Without a backup it cannot be recovered.

Your control

Contact

Podkey is open source under AGPL-3.0. Questions, issues, or security reports: github.com/JavaScriptSolidServer/podkey/issues.