Security & Responsible Use Statement

Last Updated: February 4, 2026

At modcore, we prioritize the integrity of your browsing environment and the security of your local data.

• No Remote Execution: modcore tools are designed to run locally. We do not use "remote code injection." All scripts required for the extension to function are bundled within the package (Store version) or the repository (Open-Source version).

• Content Security Policy (CSP): We enforce strict CSP headers to prevent Cross-Site Scripting (XSS). Our extensions are configured to prevent the execution of unauthorized third-party scripts.

• Local Encryption: For tools handling sensitive data (e.g., modcore Authenticator), any encryption keys or secrets are stored locally on your device using browser-native secure storage APIs. modcore does not have "master keys" to your data.

• Responsible Use: Users are prohibited from:

  • Using modcore tools to bypass security measures of third-party websites in a malicious manner.

  • Distributing modified "Distributed Versions" of modcore tools that contain malware or tracking code.

• Vulnerability Reporting: If you discover a security vulnerability, we encourage you to report it responsibly via ngde@web.de.