Privacy Policy

July 16, 2026 · View on GitHub

Last updated: 2026-07-16

What Bark stores

Bark stores local extension state in the browser extension local storage API (chrome.storage.local or the equivalent WebExtensions API):

  • Bunker URI — the NIP-46 connection string you provide, containing your signer's public key and relay URLs.
  • Client secret — a randomly generated key used to authenticate Bark to your signer across sessions. This is not your private key.
  • Instance metadata — display name, pairing address, npub, Heartwood mode, Heartwood identity labels/pubkeys, active instance ID, and signer health status.
  • Signing policies — per-site allow/ask/deny choices, per-method and per-kind overrides, protected event kind rules, and the privacy mode toggle.
  • Enabled sites — on Chromium, the list of origins you have enabled Bark on beyond the built-in list of well-known Nostr clients.

These values stay on your machine in your browser's extension storage. The bunker URI and client secret are used only to communicate with the signer through the relays specified in your bunker URI. Nothing is transmitted to the Bark developers; there is no server side.

What Bark does not do

  • No data collection. Bark does not collect, store, or transmit analytics, telemetry, usage data, or personal information.
  • No third-party services. Bark makes no network requests except WebSocket connections to the Nostr relays specified in your bunker URI, including loopback relay URLs if you paste or pair one, and optional HTTP pairing requests to the Heartwood or bridge-host address you enter.
  • No tracking. No cookies, no fingerprinting, no identifiers.

Network connections

Bark connects via WebSocket to the relay URLs embedded in your bunker URI. These can be public wss:// relays or local loopback ws://localhost/ws://127.0.0.1 relays exposed by a bridge daemon. These connections carry NIP-46 signing requests between Bark and your remote signer.

Request payloads (events you ask to sign, text you ask to encrypt or decrypt) are encrypted end to end with NIP-44 between Bark and your signer. Relay operators see only ciphertext plus the transport metadata inherent to any WebSocket connection: the two public keys involved, message timing, and your IP address. Choose relays you are comfortable with; they are always yours to change.

If you pair by QR (nostrconnect), Bark connects to the relay you enter for the pairing handshake (the field defaults to wss://relay.nsec.app) using a fresh key and secret generated for that attempt. If your signer requires a browser approval step, Bark shows an "Open approval page" button; the signer-provided https page opens in a new tab only when you click it.

If you pair by entering a Heartwood or bridge-host address, Bark sends local HTTP requests to that address to pair and, when available, import Heartwood's per-identity bunker URI manifest. For Wi-Fi-less hardware behind heartwood-bridge, Bark does not communicate with the board over USB/serial; the host daemon handles that transport.

With privacy mode enabled, Bark additionally hides window.nostr from every site without a site rule, so unlisted sites cannot detect that the extension is installed. This is a local behaviour switch; it involves no network activity.

Your keys

Bark never sees, stores, or handles your private key. All signing happens on your remote signer or on hardware behind its bridge daemon. Bark only receives signed events back.

Questions

If you have questions about this policy, open an issue at github.com/forgesworn/bark.