Legal

Your data stays yours.

Last updated: April 12, 2026

What Cenotaph is

Cenotaph is a stateless, on-chain password manager. It encrypts your credentials client-side and stores the ciphertext on the Monad blockchain. There is no central server that holds your passwords, no account to create, and no personal information to provide.

Data we collect

None.

The Cenotaph browser extension runs entirely on your device. It does not transmit analytics, telemetry, error reports, or any personal information to us or any third party.

We do not use cookies, tracking pixels, or fingerprinting of any kind.

Data stored on your device

The extension stores the following locally via chrome.storage:

  • Your wallet address (public, not sensitive)
  • Passkey credential ID (public handle, not the private key)
  • User preferences (auto-lock timeout, storage mode, bridge URL)
  • Cached encrypted entries (optional, for offline access)

Your master key is held in service worker memory and chrome.storage.session (encrypted, profile-scoped). It is never written to disk in plaintext and is cleared on browser close or after 5 minutes idle.

Data stored on-chain

When you save a credential, the extension writes AES-GCM encrypted ciphertext to the Monad blockchain under your wallet address. This data includes:

  • Encrypted credential blobs (opaque bytes — unreadable without your master key)
  • SHA-256 hashed domain identifiers (salted, not reversible without your salt)
  • Encrypted passkey wraps (for device recovery)

All on-chain data is public by nature of blockchain transparency, but it is encrypted and meaningless without your wallet signature and passkey.

Cloud storage (optional)

If you opt in to cloud storage, encrypted vault blobs are stored on Cloudflare R2 via secure.cenotaph.app. This service:

  • Stores only encrypted blobs — we cannot read your passwords
  • Authenticates via wallet signature challenge (no email, no username)
  • Enforces a 2 MB per-wallet quota
  • Requires a one-time 1 MON on-chain activation fee

The cloud server never sees your master key, your plaintext passwords, or any personal information. It is a dumb encrypted blob store.

Website (cenotaph.app)

The Cenotaph website is a static site hosted on Cloudflare Pages. It does not set cookies, run analytics scripts, or collect any visitor information. Cloudflare may collect standard access logs (IP address, user agent) as part of their infrastructure — see Cloudflare's privacy policy.

Permissions the extension requests

storage
Save your preferences and cached entries locally.
activeTab
Detect the current site's domain to match saved credentials.
scripting
Inject the autofill content script into web pages.
tabs
Read tab URLs to match credentials and detect navigation.
alarms
Schedule auto-lock after inactivity timeout.
host_permissions: <all_urls>
Required to autofill credentials on any website you visit. The extension only activates on pages with login forms.

Third-party services

Cenotaph interacts with the following external services:

  • Monad RPC endpoints — to read and write on-chain vault data
  • Cloudflare R2 — encrypted blob storage (only if you opt in to cloud)

No data is shared with advertising networks, analytics providers, or data brokers. There are no third-party SDKs embedded in the extension.

Changes to this policy

If we change this policy, we will update the date at the top of this page. Material changes (e.g., introducing data collection) would be announced via the extension update notes on the Chrome Web Store.

Contact

Questions about this policy? Open an issue on GitHub or reach out on X.

Cenotaph

A vault with no secrets to steal.

Install for Chromium