When you install the Phantom browser extension, your browser asks for permission to "Read and change all your data on all websites." This permission is required for Phantom to work with decentralized apps (dApps).
Why this permission is needed
Phantom injects a small piece of code into the websites you visit. This allows dApps to detect your wallet and connect to the blockchain, which is what makes it possible to sign transactions, view your collectibles, and check balances directly from the site you're using.
How you stay in control
Granting this permission does not give Phantom access to your browsing history or personal data. Phantom only activates when a site requests a wallet connection or you interact with it directly.
If you want to limit where your wallet interacts, use a separate browser profile just for Phantom. This creates an isolated environment for crypto activity and reduces exposure to other extensions or browsing sessions.
What Phantom does not access
Phantom does not read, store, or share your personal browsing data. The permission is required for wallet functionality, not for tracking or data collection.