Privacy Policy

Last updated: May 2025

ClickSafe is a browser extension designed to protect your privacy. This policy explains what data the extension accesses, what it does with it, and what it never does.

What ClickSafe accesses

• URLs of links you hover over, to check them against a local hash-prefix list before any network request is made.
• URLs of files you download, to verify them against Google Safe Browsing.
• Cookies set on pages you visit, to identify tracking cookies and factor them into your privacy score.
• Page content (DOM), to detect dark patterns such as fake urgency timers and pre-ticked checkboxes.

What ClickSafe never does

• Never sends the full URL of every page you visit to any server.
• Never stores your browsing history remotely.
• Never sells or shares any data with third parties.
• Never uses your data for advertising.

How link checking works (and why it's private)

ClickSafe uses a three-tier approach. First, it checks a local hash-prefix list stored in your browser — no network request is made at this stage. Only if a local match is found does it send a full hash (not the URL itself) to our backend for confirmation against Google Safe Browsing. Your full URL is never transmitted unless you explicitly click through a warning.

Backend and caching

Our backend receives hashed URL data only when a potential threat is detected locally. Results are cached for 24 hours so repeat checks don't generate additional requests. The backend does not log IP addresses beyond what is required for rate limiting.

Local storage

ClickSafe stores your settings, whitelist, and cached safety results in chrome.storage.local — this data never leaves your device except as described above.

Contact

Questions about this policy? Email us at support@clicksafe.dev.