Last updated: 2 April 2026

Who We Are

ExtShield is a Chrome extension safety scanner developed by Adam Toms Ltd (registered in England and Wales). This privacy policy explains how ExtShield collects, uses, and protects your data.

What Data We Collect

ExtShield collects the minimum data necessary to scan your extensions for security threats:

Data Purpose Where Stored
Extension IDs Identify which extensions to scan On our servers, linked to anonymous session token only
Extension version numbers Detect updates and trigger re-scans On our servers
Anonymous session token Rate limiting and associating scan results with your browser On our servers (UUID, not linked to your identity)

We do NOT collect:

  • Your name, email address, or any account information (no accounts exist)
  • Browsing history, bookmarks, or visited URLs
  • Website content or page data
  • Cookies, passwords, or form data
  • IP addresses (not logged beyond standard server access logs)
  • Analytics, telemetry, or usage tracking beyond the data listed above

How We Use Your Data

  • Extension scanning: Extension IDs and version numbers are used to download extension packages from the Chrome Web Store and run security analysis. The analysis happens entirely on our servers.
  • Displaying results: Scan results (trust scores, findings, status) are returned to the extension and displayed in the popup.
  • Rate limiting: The anonymous session token is used to enforce fair-use rate limits. It is not linked to your identity.

Data Storage and Security

  • All data is transmitted over HTTPS (TLS 1.2+).
  • Scan results and extension metadata are stored on servers hosted in Microsoft Azure (UK South region).
  • Session tokens are randomly generated UUIDs with no link to personal identity.
  • No third-party analytics, advertising, or tracking services are used.

Data Retention

  • Extension scan data: Retained indefinitely to provide version history and detect changes over time.
  • Session tokens: Retained until rotated by the user. You can rotate your session token at any time from the ExtShield settings page, which generates a new token and discards the old one.
  • Server access logs: Standard web server logs are retained for up to 30 days for operational purposes.

Data Sharing

We do not sell, rent, or share your data with any third parties.

Scan results are accessible via the public ExtShield API using the extension ID (not the session token), meaning anyone can look up the scan status of any Chrome Web Store extension by its public ID.

Your Rights (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR) and the UK GDPR:

  • Right of access: Request a copy of the data we hold about your session token.
  • Right to erasure: Request deletion of all data associated with your session token. Alternatively, rotating your session token in Settings effectively disassociates your browser from any stored data.
  • Right to restriction: Request that we stop processing your data.
  • Right to portability: Request your data in a machine-readable format.
  • Right to object: Object to processing of your data.

To exercise any of these rights, contact adamtoms@hotmail.co.uk with your session token (visible in ExtShield Settings).

Legal basis for processing: Legitimate interest — providing security scanning services that protect users from malicious browser extensions.

Local Storage

ExtShield stores the following data locally in your browser (via chrome.storage.local):

  • Your preferences (quarantine settings, notification toggles, language)
  • Your anonymous session token
  • Cached scan results for installed extensions
  • Reviewed-findings state (which warnings you've acknowledged)

This data never leaves your browser except for the session token (sent as a header with API requests for rate limiting).

Children's Privacy

ExtShield does not knowingly collect data from children under 13. The extension does not collect personal information from any user.

Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of ExtShield after changes constitutes acceptance of the updated policy.

Contact

For privacy-related questions or requests:

privacy@extshield.io