Privacy Policy
Zero Data Collection - 100% Transparent
Effective Date: February 4, 2026
TL;DR - The Short Version
- We collect ZERO data. None. Zilch. Nada.
- Everything runs locally in your browser
- No external servers - no API calls, no tracking
- No analytics - we don't know who uses this
- 100% open source - you can verify this yourself
- Your privacy is analyzed but never compromised
Introduction
HowsMyPrivacy ("we", "our", or "the extension") is a browser extension that analyzes your browser's privacy and security posture. This Privacy Policy explains our data practices - or more accurately, our complete lack of data collection.
We built this extension because we care deeply about privacy. It would be hypocritical for a privacy tool to track you, so we don't. At all.
What Data We Collect
HowsMyPrivacy does not collect, store, transmit, or share any user data whatsoever.
To be crystal clear, we do NOT collect:
- Personally identifiable information (name, email, address, etc.)
- Browsing history or website URLs
- IP addresses or location data
- Cookies or cookie content
- User behavior or usage statistics
- Device information or browser fingerprints
- Any form of analytics or telemetry
- Crash reports or error logs
- Search queries or form data
What Data We Access (But Don't Collect)
There's an important distinction between accessing data to analyze it locally and collecting data by transmitting it to servers. HowsMyPrivacy accesses certain data to perform privacy analysis, but this data:
- Stays entirely in your browser
- Is never transmitted to external servers
- Is processed temporarily for analysis
- Is discarded after analysis (unless you save scan results locally)
Data Accessed for Analysis:
| Data Type | Purpose | Storage |
|---|---|---|
| Cookie Metadata | Count cookies and detect third-party trackers | Not stored - analyzed in real-time |
| Network Requests | Identify tracking scripts (Analytics, ads, etc.) | Not stored - analyzed in real-time |
| Browser Settings | Check Do Not Track, WebRTC, privacy settings | Not stored - read-only access |
| Current Page URL | Determine what website is being analyzed | Stored locally only if you save scan results |
| Security Headers | Verify HTTPS, CSP, mixed content | Not stored - analyzed in real-time |
Think of HowsMyPrivacy like browser DevTools - it inspects your browser to show you information, but doesn't send that information anywhere. The analysis happens locally and stays local.
Local Storage
HowsMyPrivacy uses your browser's local storage (chrome.storage.local) to store:
- Scan Results: Privacy scores and issues found (only if you enable scan history)
- User Settings: Your preferences and configuration options
- UI State: Interface preferences (theme, animations, etc.)
This data is stored exclusively in your browser on your device. It is:
- Never transmitted to external servers
- Never accessible to us or anyone else
- Deleted when you uninstall the extension
- Clearable at any time through extension settings
Third-Party Services
HowsMyPrivacy does NOT use any third-party services, including:
- No analytics services (Google Analytics, Mixpanel, etc.)
- No crash reporting tools (Sentry, Bugsnag, etc.)
- No advertising networks
- No CDNs for code delivery
- No external APIs or web services
- No social media integrations
All code runs locally. No external connections are made. Period.
Permissions Explained
HowsMyPrivacy requires certain browser permissions to function. Here's exactly why each permission is needed and how it's used:
cookies
Why: To count cookies and identify third-party trackers
What we access: Cookie metadata (domain, expiration, flags)
What we DON'T access: Cookie content or values
Data transmission: None
storage
Why: To save your scan results and settings locally
What we store: Privacy scores, user preferences
Where it's stored: Your browser only (local storage)
Data transmission: None
tabs
Why: To know which website to analyze
What we access: Current tab URL
What we DON'T access: Tab content, history, or other tabs
Data transmission: None
webRequest
Why: To detect tracking scripts and network requests
What we access: Request URLs and types (read-only)
What we DON'T do: Modify, block, or intercept requests
Data transmission: None
privacy
Why: To check browser privacy settings
What we access: Do Not Track, WebRTC settings (read-only)
What we DON'T do: Modify any settings
Data transmission: None
<all_urls> (Host Permission)
Why: To analyze privacy on any website you visit
What we access: Current page for analysis
When it runs: Only when you click the extension icon or enable auto-scan
Data transmission: None
Data Retention
Since we don't collect data, we don't retain data. However, for data stored locally in your browser:
- Scan Results: Kept until you clear them or uninstall the extension
- User Settings: Kept until you reset them or uninstall the extension
- Scan History: Auto-deleted based on your retention settings (7/30/90 days or never)
You can manually clear all data at any time through the extension settings.
Data Sharing
We don't collect data, so we can't share data. Simple as that.
Your privacy analysis results are yours and yours alone. They:
- Never leave your browser
- Are never sent to us or anyone else
- Are never sold, shared, or monetized
- Remain completely private
Children's Privacy
HowsMyPrivacy does not collect data from anyone, including children under 13. Since we don't collect any data, we are inherently compliant with COPPA (Children's Online Privacy Protection Act) and similar regulations.
International Users
HowsMyPrivacy can be used anywhere in the world. Since all processing happens locally in your browser and no data is transmitted, there are no cross-border data transfer issues. Your data never leaves your device, regardless of your location.
We comply with international privacy regulations including:
- GDPR (European Union)
- CCPA (California)
- PIPEDA (Canada)
- Privacy Act (Australia)
Compliance is easy when you don't collect data.
Your Rights
Even though we don't collect data, here are your rights:
- Right to Access: All your data is in your browser - you already have full access
- Right to Deletion: Clear data through settings or uninstall the extension
- Right to Portability: Export your settings as JSON through the settings page
- Right to Opt-Out: Not applicable - there's nothing to opt out of
Open Source Transparency
HowsMyPrivacy is 100% open source. You can verify everything in this privacy policy by:
- Reviewing the source code on GitHub
- Inspecting the extension files on your computer
- Using browser DevTools to monitor network activity (you'll see zero external requests)
- Checking the manifest.json for required permissions
We encourage security researchers and privacy advocates to audit our code.
Changes to This Policy
If we ever change our data practices (spoiler: we won't, because zero is a pretty good number), we will:
- Update this page with the new policy
- Update the "Last Updated" date at the top
- Notify users through a release note on GitHub
- Require explicit consent for any data collection (which won't happen)
You can monitor changes by watching our GitHub commit history.
Contact Us
If you have questions about this privacy policy or our data practices (or lack thereof), you can reach us:
- Email: support@notfoundsec.com
- GitHub Issues: Open an issue
- Website: notfoundsec.com
Legal Compliance
This extension complies with:
- Chrome Web Store Developer Program Policies
- General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA)
- Children's Online Privacy Protection Act (COPPA)
- All applicable privacy and data protection laws
Registered in: United States
Developer: NotFoundSec
Contact: support@notfoundsec.com
We built HowsMyPrivacy to help you understand and improve your privacy. We will never compromise your privacy by collecting your data. That's not just a policy - it's our core principle. If we ever change this, we'll shut down the extension rather than betray your trust.