• Home
  • Scan
  • FAQ
  • Blog
  • Contact
Extension Auditor
Extension Auditor
  • Home
  • Scan
  • FAQ
  • Blog
  • Contact
Sign InSign Up
Extension Auditor
Extension Auditor

Don't sacrifice privacy for convenience. Scan your browser extensions completely on-device.

Extension Auditor is a Product of Alpha CISO Pte. Ltd, (registered in the Republic of Singapore) Company Registration No: 202338803N.

About
  • Blog
  • Contact
Legal
  • Terms of Service
  • Privacy Policy

Privacy Policy

Our privacy policy and how we use your data

Overview

Extension Auditor is a comprehensive browser extension security monitoring, risk analysis, and privacy management tool. It helps users audit their installed extensions by tracking activity logs, analyzing permissions for security risks, and managing browser privacy settings, all to enhance browsing security and privacy. We are committed to protecting your privacy and ensuring transparent data practices.

Data Collection & Privacy Focus

What We Analyze

  • Installed extensions and their metadata
  • Extension permissions and their security implications
  • Host access patterns and potential privacy risks
  • Content script interactions with web pages
  • Extension manifest settings and security practices
  • Extension activity logs and lifecycle events
  • Browser privacy settings and configurations
  • Combined risk assessment based on multiple security factors

Privacy-First Approach

Extension Auditor operates with a privacy-first approach:

  • Local Processing: All core functionality runs entirely in your browser
  • Optional Account: Account creation is completely optional for enhanced features
  • No Tracking: We do not track your browsing history or behavior
  • Minimal Data: We only collect data necessary for functionality
  • User Control: You maintain full control over your data and privacy settings

Data Collection

Required Data (Local Processing Only)

The extension processes the following data locally in your browser:

  • Extension information and metadata for security analysis
  • Extension activity logs for monitoring purposes
  • User preferences and configuration settings
  • Security assessment results and risk classifications

Optional Data Collection (Account Features)

If you choose to create an account at extensionauditor.com, we may collect:

  • Email address: For account creation and authentication
  • Authentication credentials: Username/password or OAuth credentials for login
  • Account preferences: Settings and configurations synced across devices

Important: All account creation and web service features are completely optional. The core extension functionality works without any account or external data sharing.

Data We Do NOT Collect

  • Personal communications
  • Financial or payment information
  • Health information
  • Location data
  • Browsing history (beyond extension interaction monitoring for security purposes)
  • Website content
  • Personal files or documents

Required Permissions

Extension Auditor requires specific permissions to provide comprehensive security analysis and privacy management features:

Core Security Analysis Permissions

  • management: Essential for accessing information about installed extensions, including their manifests, permissions, and enabled/disabled status for security risk assessments
  • storage: Stores user preferences, extension activity logs, risk assessment data, and privacy settings configurations locally
  • unlimitedStorage: Enables storage of comprehensive extension activity logs and security audit data, including CRX/ZIP packages for security analysis

Privacy Management Permissions

  • privacy: Crucial for the Privacy Settings Manager feature, allowing users to control Chrome's built-in privacy settings for enhanced protection
  • contentSettings: Manages content-related privacy settings including JavaScript, cookies, notifications, camera, microphone, and other browser content settings
  • declarativeNetRequest: Implements privacy-enhancing network rules to block tracking parameters from URLs
  • declarativeNetRequestWithHostAccess: Extends network request functionality to implement sophisticated privacy protections and URL parameter stripping

User Interface & Functionality Permissions

  • contextMenus: Provides convenient right-click menu options for quick access to security analysis features and privacy controls
  • notifications: Alerts users about critical security events, high-risk extensions, dangerous permissions, or privacy setting modifications
  • alarms: Schedules periodic background tasks for refreshing extension data, updating security assessments, and performing automated privacy checks

Host Access Permission

  • <all_urls>: Required to analyze how extensions interact with websites, detect extensions with excessive host access permissions, and implement privacy features such as URL parameter stripping and content script analysis. This permission enables effective auditing of other extensions' interactions with web pages to identify potential security risks.

How It Works

Local Analysis Engine

Extension Auditor performs comprehensive analysis locally in your browser:

  • Permission Analysis: Evaluates extension permissions and their security implications
  • Host Access Monitoring: Identifies broad host permissions that could pose privacy risks
  • Content Script Analysis: Examines how extensions interact with web pages
  • Manifest Analysis: Reviews extension manifest settings for security best practices
  • Activity Logging: Tracks extension lifecycle events and interactions
  • Privacy Settings Management: Monitors and manages browser privacy configurations
  • Network Protection: Implements privacy-enhancing rules to block tracking

Risk Classification System

  • Critical: Highly sensitive permissions or combinations that could be dangerous if misused
  • High: Permissions that could potentially be used maliciously
  • Medium: Permissions that require caution as they provide significant capabilities
  • Low: Permissions with limited potential for misuse

Optional Web Service Integration

For users who choose to create an account:

  • Enhanced features and cross-device synchronization
  • Cloud backup of preferences and settings
  • Advanced reporting and analytics
  • All data transmission is encrypted and secure
  • Account deletion removes all associated data

Data Security & Retention

Local Data

  • Stored securely in your browser's local storage
  • Automatically managed by browser security policies
  • Removed when extension is uninstalled

Account Data (Optional)

  • Encrypted in transit and at rest
  • Stored on secure servers with industry-standard protection
  • Retained only as long as your account is active
  • Permanently deleted upon account deletion request

Your Rights & Controls

  • Opt-out: Use the extension without creating an account
  • Data Access: Request access to your account data
  • Data Deletion: Delete your account and all associated data
  • Privacy Controls: Manage all privacy settings within the extension
  • Transparency: Full visibility into what data is collected and how it's used

Third-Party Data Sharing

We do not:

  • Sell or transfer user data to third parties
  • Use or transfer user data for purposes unrelated to our extension's security and privacy functions
  • Use or transfer user data for creditworthiness or lending purposes
  • Share data with advertisers or marketing companies

Updates to This Policy

We may update this privacy policy to reflect changes in our practices or for legal compliance. Users will be notified of significant changes through the extension or our website.

Contact Us

If you have any questions about our privacy policy, data practices, or security measures, please contact us at support@mail.extensionauditor.com

Last Updated: March 22, 2025