Chrome Extension Privacy Policy

ScamSandbox Browser Protection

Effective Date: April 2024 | Last Updated: April 2024

Our Commitment to Your Privacy

The ScamSandbox Chrome Extension is designed with privacy-first principles. We protect you from online threats while minimizing data collection. This policy explains exactly what our extension does with your data.

What Our Extension Does

ScamSandbox Chrome Extension provides real-time protection against phishing, scams, and malicious websites by analyzing the sites you visit and warning you about potential threats.

✓ Real-time threat detection when you browse
✓ Instant security alerts for dangerous sites
✓ On-demand deep security analysis
✓ Community-driven threat intelligence

Information We Access

When You Browse (Automatic Protection)

•
Current Page URL:
We check the URL of pages you visit against our threat database. This check happens locally first, then queries our API only for suspicious patterns. URLs are not logged or stored on our servers.
•
Page Content Analysis:
We analyze page elements locally in your browser to detect phishing attempts, fake login forms, and scam patterns. This analysis happens entirely on your device.

When You Request a Scan (Manual Action)

•
Domain Information:
When you click "Analyze This Page", we send the domain to our API for comprehensive security analysis. This creates a scan record on our servers tied to the domain, not to you personally.
•
Threat Reports:
Generated reports include security findings, risk scores, and recommendations. Reports are associated with domains, not individual users.

Stored Locally on Your Device

•
Your Settings:
Protection level preferences, notification settings, and whitelisted domains are stored locally using Chrome's storage API. Never sent to our servers.
•
Cached Threat Data:
Recent threat checks are cached locally to improve performance and reduce server requests. Cache is automatically cleared after 24 hours.

What We DON'T Do

✗ No Browsing History: We do not track, store, or have access to your browsing history
✗ No Personal Profiles: We do not create user profiles or track individual users
✗ No Data Sale: We never sell, rent, or share your data with third parties
✗ No Ads or Tracking: We don't inject ads or use tracking pixels
✗ No Passwords or Personal Info: We don't access form data, passwords, or personal information
✗ No Background Mining: We don't use your device for cryptocurrency mining or similar activities

Chrome Permissions Explained

Our extension requests only the minimum permissions necessary:

activeTab

Allows the extension to analyze the current tab when you click the extension icon. We cannot access tabs in the background or view multiple tabs simultaneously.

storage

Saves your preferences locally on your device. This includes protection settings, whitelisted domains, and cached security data. Never synced to our servers.

host_permissions (scamsandbox.com)

Allows communication with our API for threat verification and detailed security analysis. Limited only to our domain for your protection.

Note: We follow Chrome's principle of least privilege. We don't request permissions for all websites (*://*/*) or broad access that could compromise your privacy.

When We Share Data

With Our API (scamsandbox.com)

• Domain names for security analysis (only when you request a scan)
• Suspicious URL patterns for threat verification
• Community threat reports (if you choose to submit one)

Never Shared

✗ Your identity or personal information
✗ Your complete browsing history
✗ Data with advertisers or data brokers
✗ Information with other extensions or websites

Your Rights & Controls

You Can Always:

✓
Disable Real-time Protection:
Turn off automatic threat detection while keeping manual scan capability
✓
Whitelist Trusted Sites:
Exclude specific domains from security checks
✓
Clear Local Data:
Remove all cached data and settings from the extension
✓
Uninstall Anytime:
Remove the extension and all associated local data instantly
✓
Request Data Deletion:
Contact us to remove any domain scan records from our servers

How We Protect Your Data

🔒 Encrypted Communications: All API requests use HTTPS/TLS encryption
🔒 Local Processing: Threat detection happens on your device when possible
🔒 No User Tracking: We don't use identifiers to track users across sessions
🔒 Regular Security Audits: Extension code is regularly reviewed for vulnerabilities
🔒 Open Communication: Security issues can be reported to security@scamsandbox.com

Compliance & Standards

We Comply With:

✓ Chrome Web Store Developer Program Policies
✓ General Data Protection Regulation (GDPR)
✓ California Consumer Privacy Act (CCPA)
✓ Manifest V3 Security Requirements

Data Protection Rights:

✓ Right to access your data
✓ Right to correct inaccuracies
✓ Right to request deletion
✓ Right to data portability

Policy Updates

We may update this privacy policy to reflect changes in our extension features or legal requirements. When we make significant changes:

• We'll update the "Last Updated" date at the top
• Major changes will be announced in the extension update notes
• Continued use of the extension constitutes acceptance of updates

Contact Us

Have questions about our privacy practices or want to exercise your data rights? We're here to help:

Privacy Inquiries: privacy@scamsandbox.com

Security Issues: security@scamsandbox.com

General Support: support@scamsandbox.com

Website: scamsandbox.com

Data Controller: ScamSandbox
For GDPR purposes, we are the data controller for any information processed by the extension.