How Do Popular Wallets Collect Your Data?
In the cryptocurrency world, "non-custodial wallet" has become synonymous with privacy and security. However, when we dive deep into the privacy policies of mainstream wallets, we discover an unsettling truth: the vast majority of wallets claiming to be "non-custodial" are actually collecting user data on a massive scale.
The Data Collection Reality of Mainstream Wallets
TokenPocket: Comprehensive Data Harvesting
đ View TokenPocket Official Privacy Policy
TokenPocket explicitly states in its privacy policy:
"We may collect your Personal Information, including but not limited to your mobile device information, operation records, transaction records and wallet addresses."
Even more concerning, TokenPocket also collects:
"In order to satisfy your needs for specific services, we may collect your name, bank card number, telephone number, email address, etc."
The wallet even collects GPS location data:
"We may collect your location information... GPS location information is considered sensitive personal data."
Most critically, they link your identity to your wallet:
"We may associate you with your wallet by the unique serial number of your mobile device."
MetaMask (Consensys): IP Address and Wallet Information Linking
đ View MetaMask/Consensys Official Privacy Policy
MetaMask, developed by Consensys, reveals the following data collection practices in its privacy policy:
"We may temporarily process IP addresses, only where necessary and to provide the best possible experience for MetaMask users."
Regarding wallet and transaction information:
"Wallet and transaction related information, including your wallet address which is processed as part of API requests (in URL parameters or bodies) when making API calls required to support the user experience."
Device and usage information is also collected:
"Device and Usage Information: When you access and use the Offerings... we may receive and store information about your interactions. This may include information such as date/time stamps, usage information and statistics, your internet protocol (IP) address, location (eg, city or state), hardware and software information... browser type, device identifiers, device event information, crash data, cookie data."
MetaMask also uses third-party analytics and advertising services:
"Subject to your consent, third-party services, which may include Google Analytics, Google Tag Manager, Hubspot, Segment or LinkedIn, may use cookies and web beacons to collect information about your activities."
Exodus: Transaction Logs and Third-Party Data Sharing
đ View Exodus Official Privacy Policy
đ View Exodus Terms of Service (PDF)
Exodus's privacy policy reveals extensive data collection:
"When you visit our Sites, we collect your internet protocol (IP) address, web browser type, web browser language, operating system type... the pages you view, the length of time you spend on a page, the dates and times of your visits, the hyperlinks you click on."
Regarding transactions:
"When performing an exchange through a third-party API provider, we log information such as the wallet addresses and the transaction IDs involved."
Exodus partners with multiple advertising platforms to track users:
"We may allow third-party advertising partners to use cookies on the Sites to collect information about your browsing activities... our advertising partners, which may include Meta, TikTok and X (formerly known as Twitter), may deploy pixel tags on our Sites."
Exodus shares data with numerous third-party service providers, including: 1inch, Changelly, ChangeNow, Moonpay, Robinhood, PayPal, Blockchain.com, Coinme, and many more exchanges and payment services.
Trust Wallet: Comprehensive Device and Transaction Monitoring
đ View Trust Wallet Official Privacy Policy
Trust Wallet collects data including:
"Transaction Information: Information about the historical transaction you made on the public blockchain such as timestamps, public wallet address and transaction amounts."
Device information is also collected:
"Device & Usage Information: Device model, operating system, app installation information, browser type and language setting."
Regarding IP address handling:
"Please note that the IP address is used only on a transient basis... The IP address's sole purpose is to facilitate traffic and service redirection in compliance with regulatory requirements based on the user's country."
Trust Wallet also uses cookies and similar technologies:
"We use cookies and similar tools to enhance your user experience, provide our services, enhance our marketing efforts and understand how customers use our services."
imToken: Analytics Tracking and Partner Sharing
đ View imToken Official Privacy Policy
imToken also engages in data collection:
"Browser Information for Analytics: To enhance your experience, we gather information about your browser interactions for analytical purposes. IP Address Handling: For security, to prevent malicious activities, and to comply with legal standards, we might temporarily process or store your IP address."
imToken explicitly links devices to wallets:
"to associate your wallet by the unique serial number of your mobile device"
imToken uses cookies and web analytics, and conducts behavior tracking:
"to conduct our internal audit, behavior tracking, data analysis and research"
They also share data with business partners:
"If you have consented to our disclosure of your personal information to our strategic business partners and associates, we may disclose your personal information to them."
What Does Data Collection Mean for Users?
These data collection practices carry serious consequences:
| Data Type Collected | Potential Risk |
|---|---|
| Wallet Address | Complete transaction history exposed, assets trackable |
| Device Fingerprint & Unique ID | Cross-platform identity linking, nowhere to hide |
| IP Address | Physical location exposed, traceable by authorities |
| Transaction Records | Financial status transparent, targeted attack vulnerability |
| Cookies & Trackers | Browsing behavior monitored by advertisers and third parties |
| Behavior Tracking Data | Usage habits analyzed, user profiles built |
MyXmr Wallet: True Zero Data Collection
In stark contrast to the wallets above, MyXmr Wallet adheres to genuine privacy protection principles from its very foundation:
- No Address Logging â Your Monero address is never recorded or stored by our servers.
- No Transaction Storage â All transaction information exists only on the Monero blockchain; we retain no copies.
- No Device Tracking â No device fingerprints, no unique ID collection, no cross-device tracking.
- No IP Collection â We do not record your network connection information.
- No Tracking Cookies â No advertising tracking, no third-party analytics, no behavior monitoring.
- Offshore Servers Under Secure Jurisdiction â Servers located in privacy-friendly jurisdictions, away from data request pressures.
- Private Keys Entirely Under Your Control â True non-custodial; private keys exist only on your device.
Why Choose Monero + MyXmr?
Monero itself provides protocol-level privacy protection: ring signatures hide senders, stealth addresses protect receivers, and RingCT conceals transaction amounts. But if the wallet you use is collecting your data, these privacy protections are significantly undermined.
MyXmr Wallet ensures that Monero's privacy advantages are not compromised by wallet-level data collection.
Not "less collection" â no collection at all.
This is the fundamental difference between MyXmr and 99% of wallets.
References - Official Privacy Policy Links
- TokenPocket: https://www.tokenpocket.pro/privacy-en/index.html
- MetaMask/Consensys: https://consensys.io/privacy-notice
- Exodus Privacy: https://www.exodus.com/privacy/
- Exodus ToS: https://www.exodus.com/legal/exodus-tos-20250704-v36.pdf
- Trust Wallet: https://trustwallet.com/privacy-notice
- imToken: https://token.im/tos-en.html