# SAVI. Extension – Permissions Policy
This document explains what permissions the extension requests, why they are needed, and how they are used. We follow a strict least‑privilege approach and do not collect or transmit personal data to external servers.
## Overview
- Data residency: Local only (Chrome storage). No external servers.
- Telemetry/analytics: None.
- Network calls: None (beyond standard browser operations for opening tabs/links).
- Principle: Request only what is necessary for core functionality.
## Permissions Requested
### 1) `contextMenus`
- Purpose: Add a right‑click menu item ("Save to SAVI.") to save selected text directly into a list.
- Scope: Only used to register a parent menu and children entries that mirror the user’s lists.
- Data Flow: Selected text and page URL are read from the browser’s context menu event and stored locally via Chrome storage.
- Security/Privacy: No transmission to third parties.
### 2) `activeTab`
- Purpose: Access the currently active tab’s information (e.g., `pageUrl`, sometimes `tab.title`) when the user triggers a save action.
- Scope: Temporary permission for the active tab in response to user action; not used to read arbitrary pages in the background.
- Data Flow: Page URL (and tab title if available) stored locally with the highlight.
- Security/Privacy: No page content is scraped automatically; only user‑selected text is saved.
### 3) `storage`
- Purpose: Persist highlights, lists, and UI preferences (theme, accessibility) locally.
- Scope: Uses `chrome.storage.local` only.
- Data Flow: Data remains on the user’s device; no sync to external services.
- Security/Privacy: User can export data; no collection by the developer.
## Content Scripts
- Declared: Runs on `http://*/*` and `https://*/*` with `run_at: document_end`.
- Purpose: Lightweight listener to display toasts and facilitate user‑initiated saves.
- Data Read: Only reads user‑selected text by action (via context menu flow). Does not automatically scan pages.
## Background Service Worker
- Purpose: Handle context menu registration, storage updates, and save logic triggered by user actions.
- Data: Processes selected text and page URL, then writes to local storage. May include `timestamp` and `tab.title` to improve note metadata.
## Web Accessible Resources
- Declared: `content.styles.css`, `images/*` for UI assets.
- Purpose: Allow the options page / content UI to load extension assets.
- Security: No sensitive logic exposed via web accessible endpoints.
## Data Retention
- Highlights, lists, and preferences are stored locally in `chrome.storage.local`.
- Users can remove lists or individual highlights at any time from the options UI.
- Users can export data to a text file from the options header (Export button).
## Least‑Privilege & Future Changes
- We audit permissions before each release and keep them minimal.
- If new features require additional permissions, we will:
1. Update this document with justification.
2. Use optional permissions where feasible.
3. Prompt the user and explain the benefit clearly.
## Security Practices
- No remote logging of highlights or browsing activity.
- Only user‑selected text is saved; no background scraping.
- Defensive coding for content scripts (no page DOM mutation beyond toasts/UX helpers).
## Contact & Issues
- Questions or concerns: open an issue in the project repository or via the Chrome Web Store listing.
---
Last updated: 2025‑08‑08