Privacy Policy

Last Updated:  23 December, 2025

Defenza RT TD Chrome Extension – Privacy Policy

Last Updated: January 2025

Overview

This Privacy Policy explains how the Defenza RT TD (Real-Time Threat Detection) Chrome Extension (“Extension”, “we”, “our”) collects, uses, and protects information when you use the Extension. The Extension is designed to enhance browsing security by detecting malicious or unsafe websites in real time.

1. Information Collected by the Extension

1.1 URLs Visited

• What we collect: Website URLs that you navigate to while the Extension is enabled.

• Purpose: To analyze URLs for malware, phishing, and other security threats in real time.

• How: URLs are securely transmitted to Defenza Security’s threat detection API when a page is loaded or a navigation event occurs.

1.2 Authentication Token

• What we collect: An authentication (Bearer) token that you voluntarily provide via the Defenza Security platform.

• Purpose: To authenticate API requests and authorize access to threat detection services.

• Storage: Stored locally in the browser using chrome.storage.local. Tokens are not shared with third parties.

1.3 Extension Preferences

• What we collect: The enabled/disabled state of the Extension.

• Purpose: To preserve user preferences across browser sessions.

• Storage: Stored locally in the browser’s extension storage.

1.4 IP Address

• What we collect: IP addresses may be included automatically in API requests.

• Purpose: Used for standard server operations such as security, abuse prevention, and rate limiting.

• Note: IP addresses are not used for tracking individual users and are not stored separately outside standard server logs.

1.5 Timestamps

• What we collect: Timestamps associated with URL scan requests.

• Purpose: To support threat analysis, logging, and system monitoring.

2. How We Use Collected Information

2.1 Threat Detection and Protection

• URLs are analyzed against Defenza Security’s threat intelligence systems.

• Access to confirmed malicious websites may be blocked.

• Users may be shown warnings for potentially unsafe content.

2.2 Service Improvement

• Aggregated and anonymized scan data may be used to improve detection accuracy and identify emerging threats.

• We do not use collected data for advertising or behavioral profiling.

2.3 User Experience

• Stored preferences ensure consistent protection behavior.

• Authentication tokens allow uninterrupted access to security services.

3. Data Transmission and Storage

3.1 Secure API Communication

• URL scan requests are sent via HTTPS to:
  https://api.defenzasecurity.io/api/v2/scan/url

• All transmissions are encrypted using TLS.

• Requests require valid Bearer token authentication.

3.2 Local Storage

• Authentication tokens and Extension settings are stored locally in the browser.

• No browsing data is stored on third-party servers without a valid security purpose.

3.3 Data Retention

• URLs may be temporarily logged on Defenza Security servers for security analysis and abuse prevention.

• Authentication tokens persist locally until removed by the user or upon uninstalling the Extension.

• Server-side retention follows Defenza Security’s primary privacy policy.

4. Data Sharing and Third Parties

4.1 No Sale of Data

• We do not sell, rent, or trade browsing data or personal information.

4.2 Essential Service Providers

• URLs are shared only with Defenza Security’s API for threat analysis.

• No unrelated third-party analytics, advertising, or tracking services are used.

4.3 Legal Obligations

• Information may be disclosed if required by applicable law or lawful government requests.

• Disclosure may also occur to protect the security, rights, or safety of users or services.

5. User Controls and Rights

5.1 Enabling or Disabling the Extension

• You may enable or disable the Extension at any time.

• When disabled, no URLs are scanned or transmitted.

5.2 Token Control

• You choose whether to provide an authentication token.

• Access can be revoked by removing the token, clearing extension data, or uninstalling the Extension.

5.3 Data Access and Deletion

• You may request access to or deletion of applicable data by contacting us.

• Uninstalling the Extension removes all locally stored data.

6. Security Measures

• Encrypted HTTPS communication for all API requests

• Secure browser storage for authentication tokens

• Restricted access to sensitive data within the Extension’s background context

• Isolation of content scripts from web page scripts

7. Permissions Used

The Extension uses the following Chrome permissions:

• <all_urls> – To analyze visited websites for security threats

• storage – To store authentication tokens and settings locally

• tabs – To detect URL changes and navigation events

• activeTab – To display warnings on the current page

• scripting – To inject security warnings when needed

• webRequest – Declared for potential future use; not actively used at this time

8. Children’s Privacy

The Extension is not intended for users under the age of 13. We do not knowingly collect data from children.

9. Policy Updates

We may update this Privacy Policy periodically. Changes will be reflected by updating the “Last Updated” date and, where appropriate, notifying users via the Extension or website.

10. Contact Information

For questions or requests regarding this Privacy Policy:

• Email: contact@encryptarx.in

• Website: https://www.defenzasecurity.com

• Location: Odisha, Cuttack, India

11. Compliance

This Extension is designed to comply with:

• Chrome Web Store Developer Program Policies

• GDPR (where applicable)

• CCPA (where applicable)

By using the Defenza RT TD Chrome Extension, you acknowledge that you have read and understood this Privacy Policy.

Sensitivity & Compliance Review (Important)

Here are the potentially sensitive or review-critical points you should be aware of:

1. <all_urls> Permission (High Scrutiny)

• This is acceptable for security extensions, but Chrome reviewers will expect:

  • Clear justification (you’ve done this well)

  • Behavior to strictly match description

• Make sure your code does not collect page content, form data, or cookies.

2. URL Logging on Servers

• Saying URLs “may be logged” is fine, but:

  • Avoid indefinite retention

  • Ideally define a retention window (e.g., “retained for up to X days”)

• Chrome reviewers like explicit limits.

3. IP Address Mention

• This is okay, but calling out that IPs are “not used for tracking” is good (already done).

• Avoid implying IP-based user profiling.

4. webRequest Permission (Risky)

• Declaring but “not actively used” can cause rejection.

• Recommendation:

  • Remove it if unused, or

  • Clearly state what future security purpose it may serve.

5. Token Storage

• Storing tokens in chrome.storage.local is acceptable.

• Ensure tokens:

  • Are never logged

  • Are never accessible to content scripts

6. Children’s Privacy

• Statement is compliant.

• No additional COPPA obligations since this is not child-targeted.