# Privacy Policy: ʀᴜɢɢᴇᴅ Chrome Extension
**Last Updated**: 2025-11-05
**Version**: 2.34
---
## 1. Purpose & Scope
The ʀᴜɢɢᴇᴅ Chrome extension is an **internal customer service tool** designed exclusively for authorised employees of your organisation. This extension is not intended for public use and is distributed to employees only.
**Key Points**:
- **Authorised Users**: Customer service agents and authorised employees only
- **Purpose**: Enhances internal customer service processes, improves agent productivity, and streamlines workflow management
- **Distribution**: Unlisted Chrome Web Store listing, accessible only via direct link to authorised personnel
- **Scope**: Internal business operations supporting customer service functions
---
## 2. Data Collection & Storage
### 2.1 Local Data Storage
The extension stores the following data **locally** in your browser using the Chrome Storage API:
| Data Type | Purpose | Storage Location | Retention |
|-----------|---------|------------------|-----------|
| Agent Preferences | Feature toggle settings, UI customisation | Chrome Local Storage | Until manually cleared or extension uninstalled |
| Session Data | Temporary workflow state, active tabs | Chrome Session Storage | Until browser/tab closed |
**Important**: The extension does **NOT** collect, store, or transmit customer personally identifiable information (PII). No customer names, account balances, transaction details, or sensitive personal data are stored by this extension.
### 2.2 Usage Analytics (Firebase)
The extension uses **Firebase Analytics** to collect anonymised usage data for internal product improvement purposes.
**Data Collected**:
- Feature activation events (e.g., "Transaction Reference Highlighter enabled")
- Button clicks and workflow interactions (e.g., "Account Search executed")
- Feature usage frequency and patterns
- Extension load/unload events
**Data NOT Collected**:
- Customer personally identifiable information (PII)
- Customer account numbers, transaction reference numbers, or transaction amounts
- Customer names, email addresses, or contact information
- Account balances or financial data
**Purpose**: Usage analytics help our product team understand which features agents find most useful, enabling us to improve tool effectiveness and prioritise enhancements.
**Data Sharing**: Analytics data is stored in Firebase infrastructure and is **NOT shared** with external third parties outside our organisation.
### 2.3 Account Search Feature Analytics
The Account Search feature collects anonymised usage analytics to help us improve the tool. We track:
- How often agents use the Account Search feature
- Which product categories are accessed
- Error types encountered (e.g., "required system unavailable")
We do NOT collect:
- Customer names, account numbers, or any personally identifiable customer information
- Agent personal information (name, email, employee ID)
- Chat content or conversation details
- Financial or transaction data
All analytics data is sent to Firebase Analytics with an anonymous extension installation identifier. No data is shared with third parties outside our organisation.
---
## 3. Permissions Justification
The extension requests the following Chrome permissions, each justified for specific customer service workflows:
### 3.1 Permission: `tabs` & `activeTab`
**Purpose**: Access customer account pages across internal platforms
**Customer Service Use Cases**:
- Navigate between customer accounts while assisting multiple inquiries
- Apply workflow enhancements to active customer service tabs
- Manage browser tabs for multi-tasking agents
**Data Access**: The extension reads tab URLs and titles to determine which internal platform is active. No customer data from tab content is transmitted externally.
---
### 3.2 Permission: `scripting`
**Purpose**: Inject customer service productivity features into internal platform interfaces
**Customer Service Use Cases**:
- Highlight transaction reference numbers for quick customer enquiry lookup
- Enhance account search functionality
- Add quick action buttons for common workflows (status updates, account flags)
- Inject workflow automation scripts without modifying platform code
**Data Access**: Scripts read DOM elements to identify actionable items (e.g., transaction references, account identifiers). No customer data is collected or transmitted.
---
### 3.3 Permission: `storage`
**Purpose**: Store agent-specific preferences and session data locally
**Customer Service Use Cases**:
- Save feature toggle preferences (e.g., "Always enable Transaction Reference Highlighter")
- Retain UI customisation settings
- Cache workflow templates for faster access
**Data Access**: Only agent preferences and session state are stored locally. No customer PII is stored.
---
### 3.4 Permission: `clipboardWrite`
**Purpose**: Allow agents to quickly copy customer reference information
**Customer Service Use Cases**:
- Copy transaction references, account identifiers, or reference numbers when assisting customers
- Reduce manual typing errors when documenting customer interactions
- Speed up data entry for customer support tickets
**Data Access**: Only data explicitly copied by agents is written to clipboard. No automatic data collection occurs.
---
### 3.5 Permission: `windows`
**Purpose**: Manage browser window organization for multi-tasking agents
**Customer Service Use Cases**:
- Organize customer inquiry windows for simultaneous handling
- Restore window layouts for common workflows
- Navigate between multiple customer accounts efficiently
**Data Access**: Window metadata (position, size) only. No customer data accessed.
---
### 3.6 Permission: `contextMenus`
**Purpose**: Provide right-click shortcuts for common customer service actions
**Customer Service Use Cases**:
- Right-click to search customer account by highlighted text
- Quick-access context menu for transaction reference lookup
- Copy reference numbers via context menu
**Data Access**: Only selected text when agent invokes context menu. No automatic data collection.
---
### 3.7 Permission: `notifications`
**Purpose**: Alert agents to important events without disrupting workflow
**Customer Service Use Cases**:
- Notify agents of extension changelog updates
- Alert to system notifications or feature announcements
- Display non-intrusive reminders for workflow completion
**Data Access**: No customer data involved. Notifications display internal tool messages only.
---
### 3.8 Permission: `cookies`
**Purpose**: Read authentication cookies to maintain agent session state
**Customer Service Use Cases**:
- Maintain agent authentication across internal platforms
- Enable seamless navigation between customer accounts without repeated logins
- Preserve workflow state when switching between internal tools
**Data Access**: Only authentication cookies for internal platforms. No customer data from cookies is collected or transmitted.
---
## 4. Host Permissions Explanation
The extension requires access to the following domains to function properly:
### 4.1 Internal Business Domains
The extension requires access to multiple internal business system domains (using `.prd.internal` and `.nxt.internal` patterns for production and testing environments).
**Purpose**: These are **internal company systems** accessible only to authorised employees. The extension enhances customer service agent workflows on these platforms by injecting productivity tools and automation features.
**Clarification**: These domains are not public websites. They are proprietary internal business systems used for customer service operations.
---
### 4.2 Third-Party Customer Service Platforms
The extension requires access to third-party customer service platform domains used by our organisation.
**Purpose**: These third-party platforms are used for customer service operations. The extension enhances agent productivity on these interfaces.
---
### 4.3 Collaboration Tools
The extension requires access to internal communication platform domains.
**Purpose**: These platforms are used for internal team communication. The extension may provide quick-access shortcuts or workflow integrations for customer service co-ordination.
---
### 4.4 Host Permissions Disclaimer
**Important**: The extension does **NOT** access public websites or facilitate customer transactions. All host permissions are limited to internal business systems and authorised third-party platforms used for customer service operations.
---
## 5. Third-Party Services
### 5.1 Firebase Analytics
**Service**: Google Firebase (https://firebase.google.com)
**Purpose**: Anonymised tool usage analytics for internal product improvement
**Data Collected**:
- Feature activation events (e.g., "Transaction Reference Highlighter toggled")
- Button clicks and workflow interactions
- Feature usage frequency
**Data NOT Collected**:
- Customer personally identifiable information (PII)
- Customer account details, balances, or transaction data
**Data Retention**: Analytics data is retained in accordance with Firebase's data retention policies (typically 14 months for event data)
**Data Sharing**: Analytics data is stored in Firebase infrastructure and is **NOT shared** with external third parties outside our organisation and Google's Firebase service.
---
### 5.2 Chrome Web Store
**Service**: Google Chrome Web Store (https://chrome.google.com/webstore)
**Purpose**: Extension distribution and automatic updates
**Data Collected**: Chrome Web Store may collect standard installation metrics (number of installs, uninstalls, crashes) as part of the Chrome extension ecosystem. This data is managed by Google and not controlled by our organisation.
---
## 6. Service Scope Disclaimer
**Explicit Statement**: This extension does **NOT** facilitate, promote, or enable customer transactions.
**Clarification**:
- The extension is designed to **assist employees** in providing customer service
- The extension does **NOT enable end-users** to conduct transactions
- All functionality is for **internal business operations** supporting customer service workflows
- The extension does not process customer transactions or provide services to end-users
**Industry Context**: This extension is a **business operations tool** for employees supporting customers, not a customer-facing service.
---
## 7. Data Security
### 7.1 Local Data Protection
- All locally stored data (preferences, session data) is protected by Chrome's built-in security mechanisms
- Data is isolated to your browser profile and not accessible to other users or extensions without permission
### 7.2 Transmission Security
- Firebase Analytics data is transmitted over HTTPS (encrypted connections)
- Authentication cookies for internal platforms are transmitted over secure internal networks
### 7.3 Employee Responsibilities
- Employees must follow company security policies when using this extension
- Do not share extension installation links with unauthorised individuals
- Report any suspicious behaviour or security concerns to IT security team
---
## 8. User Rights & Controls
### 8.1 Data Deletion
- **Local Data**: Uninstalling the extension or clearing Chrome storage will delete all local preferences and session data
- **Firebase Analytics**: Contact your IT support to request deletion of Firebase analytics data associated with your user identifier
### 8.2 Opt-Out
- Employees may request to opt out of Firebase analytics tracking by contacting IT support
- Note: Opting out may limit our ability to provide technical support or improve tool functionality
### 8.3 Access Requests
- Employees may request access to their stored data by contacting IT support
---
## 9. Policy Updates
This privacy policy may be updated periodically to reflect changes in:
- Extension functionality
- Data collection practices
- Legal or regulatory requirements
- Chrome Web Store policy updates
**Notification**: Employees will be notified of material changes via:
- Extension changelog notifications
- Internal communication channels
- Updated policy posted at https://sites.google.com/view/rugged-privacy-policy/home
**Effective Date**: Changes take effect immediately upon publication unless otherwise specified.
---
## 10. Contact Information
For questions, concerns, or requests regarding this privacy policy or the extension's data practices:
**For Authorised Users:**
Contact the relevant tech support channel within your organisation for assistance with this extension.
**Privacy Enquiries:**
Data privacy concerns should be directed to your organisation's Data Protection Officer through your company's standard internal channels.
---
*This is an internal business tool. Support is provided exclusively through your organisation's internal support infrastructure.*
---
## 11. Compliance & Governance
This extension and privacy policy comply with:
- Chrome Web Store Program Policies (2025)
- Internal organisational data policies
- Applicable privacy regulations
**Internal Audit**: This extension undergoes periodic internal security and compliance reviews.
---
## 12. Acknowledgment
By using this extension, employees acknowledge:
- This is an internal business tool for authorised use only
- Usage is subject to company policies and acceptable use guidelines
- The extension is provided for customer service operations and must not be misused
---
**Document Version**: 1.0
**Ratified**: 2025-10-13
**Next Review**: 2025-10-13 (12 months from ratification)