ZUL://PRIVACYPRIVACY LAYER 2 — SETTLED ON SOLANA
ZUL
LEGAL — /privacy

Zullet — Privacy Policy

Last updated: 2026-06-15

Zullet is a self-custodial (non-custodial) browser-extension wallet for the ZUL chain — a privacy Layer 2 on Solana — and the Solana networks it settles to. This policy explains exactly what the extension does and does not do with your information.

The short version

Zullet does not collect, transmit, sell, or share any personal data. There is no Zullet server, no account, no analytics, and no tracking. Everything the wallet needs lives on your own device.

What is stored, and where

All of the following is stored locally on your device only, inside the browser's extension storage. None of it is ever sent to us or to any third party:

  • Your recovery phrase and any imported private keys, encrypted at rest with a key derived from your password (scrypt → AES-256-GCM). They are decrypted only in memory, only while the wallet is unlocked, and the decrypted form is cleared when you lock the wallet or close the browser.
  • Public account metadata — your account addresses, labels, and which network and account are selected.
  • A list of websites you have connected the wallet to, so they don't have to ask permission every time. You can disconnect any site at any time in Settings.
  • A temporary unlock session kept in memory (cleared on browser close and after ~30 minutes of inactivity).

We never have access to any of this. If you lose your recovery phrase, we cannot recover it for you.

Network requests

To function as a wallet, the extension talks only to public blockchain RPC endpoints, and only to read public on-chain data or to broadcast transactions that you have signed:

  • api.mainnet-beta.solana.com, api.devnet.solana.com (Solana)
  • rpc.zul.so (ZUL Layer 2)

These requests contain only standard JSON-RPC calls (e.g. reading a balance, submitting a signed transaction). They do not contain your keys, your password, or any personal identifier beyond the public addresses inherent to a blockchain transaction. The zero-knowledge proving parameters used by the shielded pool are bundled inside the extension, not downloaded at runtime.

Websites you visit

Zullet injects a standard wallet provider into web pages so that decentralized apps can detect it and request a connection — the same mechanism used by other Solana wallets. The extension does not read, collect, or transmit the content of the pages you visit. It only responds to explicit wallet requests (connect / sign), and every signing request requires your approval.

Data sharing and selling

We do not sell or share your data with anyone. There is nothing to sell — we never receive it.

Changes

If this policy changes, the updated version will be published at this URL with a new date.

Contact

Questions about privacy: inbox@zul.so