Nostr WoT

Privacy Policy

Last updated: February 2026

This Privacy Policy describes how Nostr Web of Trust ("we", "us", or "our") collects, uses, and protects your information when you use our website (nostr-wot.com) and browser extension (WoT Extension).

We are committed to protecting your privacy. As a project built for the Nostr ecosystem, we understand the importance of decentralization and user sovereignty over personal data.

Website Privacy

Information We Collect

When you visit our website, we may collect:

  • Analytics Data: We use Google Analytics to understand how visitors use our site. This includes anonymized information such as pages visited, time spent on site, browser type, device type, and approximate geographic location (country level).
  • Contact Form Data: If you submit our contact form, we collect your name, email address, organization (if provided), and message content.

How We Use Website Data

  • To improve our website and documentation
  • To respond to your inquiries and support requests
  • To understand aggregate usage patterns

Cookies

Our website uses cookies for analytics purposes. Google Analytics sets cookies to distinguish unique users and sessions. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

Browser Extension Privacy

The WoT Extension is designed with privacy as a core principle. Here's what you need to know:

Data Storage

  • Your Pubkey: Stored locally in your browser to identify your position in the social graph. Never sent to our servers.
  • Configuration: Your settings (operating mode, relay preferences, oracle URL) are stored locally in your browser.
  • Local Graph Index: In Local or Hybrid mode, follow relationships are stored in your browser's IndexedDB. This data never leaves your device.

Operating Modes

The extension offers three operating modes with different privacy implications:

Local Mode (Most Private)

  • All queries are processed locally in your browser
  • Follow data is fetched directly from Nostr relays
  • No data is sent to the WoT Oracle or our servers
  • Your queries remain completely private

Remote Mode

  • Queries are sent to the WoT Oracle API to calculate social distance
  • The Oracle sees which pubkeys you are querying (but not your identity unless you reveal it)
  • Provides faster results with less local storage
  • Consider using a self-hosted Oracle for enhanced privacy

Hybrid Mode

  • Queries your local index first
  • Falls back to Remote mode only when needed
  • Balances privacy with coverage

What the Extension Does NOT Do

  • We do not collect or transmit your browsing history
  • We do not inject ads or tracking scripts
  • We do not sell or share your data with third parties
  • We do not store your private keys (we never have access to them)
  • We do not run analytics or telemetry in the extension

Permissions

The extension requests the following browser permissions:

  • Storage: To save your configuration and local graph index
  • Scripting: To inject the window.nostr.wot API into web pages

WoT Oracle API

If you use the public WoT Oracle API (directly or through the extension in Remote mode):

Data Collected

  • Query Data: The pubkeys you query for social distance calculations
  • IP Address: Used for rate limiting (100 requests/minute per IP)
  • Request Timestamps: For rate limiting and abuse prevention

Data NOT Collected

  • We do not log query history long-term
  • We do not associate queries with identities
  • We do not track which websites make queries

Self-Hosting

For maximum privacy, you can self-host your own WoT Oracle. This gives you complete control over your query data.

Third-Party Services

Our website uses the following third-party services:

Google Analytics

We use Google Analytics to analyze website traffic. Google may collect and process data according to their Privacy Policy. We have configured Google Analytics to:

  • Anonymize IP addresses
  • Disable data sharing with Google
  • Disable advertising features

Google reCAPTCHA

Our contact form uses Google reCAPTCHA v3 to prevent spam. This service may collect hardware and software information. See Google's Privacy Policy and Terms of Service.

Resend

We use Resend to process contact form submissions. Your contact information is transmitted to Resend to deliver emails. See Resend's Privacy Policy.

Nostr Relays

In Local mode, the extension connects directly to Nostr relays to fetch follow lists. These are public Nostr relays; their data handling practices vary. The extension only fetches public Kind 3 (follow list) events.

Data Retention

  • Analytics Data: Retained by Google Analytics for 14 months
  • Contact Form Submissions: Retained in our email system until the inquiry is resolved
  • Extension Data: Stored locally in your browser until you clear it or uninstall the extension
  • Oracle Rate Limit Data: IP-based rate limit counters expire after 1 minute

Your Rights

You have the right to:

  • Access: Request information about data we hold about you
  • Deletion: Request deletion of your personal data
  • Opt-out: Disable Google Analytics tracking using browser tools
  • Control: Clear extension data at any time through browser settings
  • Portability: Export your local graph data from the extension

To exercise these rights, please contact us.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

For significant changes, we may provide additional notice such as adding a statement to our homepage or sending you a notification.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us.

Open Source Transparency

Both the WoT Extension and WoT Oracle are open source. You can review exactly what code runs and verify our privacy claims: