What this is
The OwnYou wallet is a Manifest V3 browser extension implementing the OwnYou attribution protocol. It runs entirely in your browser. The wallet lets you consent — at install time — to sharing a small set of audience claims with publishers, DSPs, and advertisers running the OwnYou SDKs, and receive USDC at per-(campaign, rotation) HD-derived payout addresses when advertisers settle on-chain.
What data leaves your device
- Disclosed audience claims — a BBS+ selective-disclosure proof carrying your consented IAB Audience Taxonomy 1.1 interests + purchase intent + coarse demographics (age range, gender, household profile). The exact set is what you saw in the install-time Onboarding screen at app.ownyou.app/onboarding and what is mirrored read-only in Settings → Disclosure.
- Per-campaign tracking ID — ElGamal-encrypted to the advertiser's public key. Only the specific advertiser can decrypt; OwnYou cannot.
- Per-(campaign, rotation) payout address — HD-derived from your wallet seed. Each campaign sees a fresh per-epoch address; the advertiser cannot link your activity across campaigns from the payout-address surface.
What is stripped before anything leaves your device
- Your name.
- Your email address.
- Your wallet seed and any seed-derived address the advertiser does not need (advertisers see only the per-(campaign, rotation) HD-derived payout address).
- URL paths beyond the originating publisher's domain.
- Cross-campaign linkage. The selective-disclosure proof's pseudonym is bound to the publisher's origin only.
What stays on your device
Local-only, in chrome.storage.local: your install-consent record, full disclosure
preferences, the classifier history that feeds the audience-segment derivation, the full delivery
log, the full earnings ledger, your local credentials. Uninstalling the extension wipes all of it
(standard Chrome uninstall behaviour). No cloud sync in Slice 1. Cross-device active-device
coordination is deferred to a later release.
The IP-address caveat
Your network IP address is visible to the advertiser at the HTTP layer when the wallet POSTs your ad delivery. The OwnYou protocol cannot strip this — it is a property of how the internet works. If IP-level anonymity matters to you, use Tor, a VPN, or Apple Private Relay. The wallet emits no IP-related signal beyond what your browser would emit when loading any web page.
This is consistent with the explainer at how-it-works.html § 4 — the IP-address caveat.
Privy authentication
OwnYou uses Privy for wallet provisioning and OAuth-backed account access (Google, Microsoft OIDC). Privy's own privacy policy is authoritative for the data Privy stores on its managed surface; consult the linked policy for that scope.
Third parties on the Slice 1 protocol path
-
Base Sepolia RPC endpoints — your wallet polls public RPC endpoints
(
sepolia.base.org,base-sepolia.public.blastapi.io,base-sepolia-rpc.publicnode.com,base-sepolia.gateway.tenderly.co) to observe escrow settlement events. You can override the endpoint list in PWA Settings → Advanced. - Placeholder advertisers (Acme, Globex) and the placeholder DSP are OwnYou-team-operated stand-ins for the Slice 1 pilot. As real publishers, DSPs, and advertisers integrate, you encounter the third parties running OwnYou SDKs on the sites you visit.
Data retention
Local-only. No cloud sync in Slice 1. Uninstalling the wallet extension wipes
chrome.storage.local; from that point no record of your audience claims, delivery
log, or earnings exists in the OwnYou surface. The on-chain settlement record on Base Sepolia
remains public (this is a property of the chain, not a property of the wallet) but cannot be
linked back to your seed without your cooperation.
Contact
- Privacy inquiries: privacy@ownyou.app
- Rights-holder takedowns + legal: nick@ownyou.io
Last updated
Last updated: 2026-05-12. Pinned against disclosure-policy-v3.json +
trust-registry-v1.json (the artefact versions snapshot-recorded in your
install-consent record). This policy is re-published on each disclosure-policy or trust-registry
bump.