Privacy Policy

1. Local-first by default

All flagged-link history and your Trusted and Blocked domain lists are stored in your browser's local storage (chrome.storage.local). This data never leaves your device.

Link analysis happens synchronously in the content script as each page loads — there are no per-link network requests and no Safe Browsing-style lookups.

2. No tracking or analytics

Enterprise App Protection includes no analytics, crash reporting, telemetry, or usage tracking of any kind. There are no third-party scripts, pixels, or fingerprinting.

3. No accounts

There are no accounts, no sign-in, and nothing to register. The extension works fully standalone, on a single device.

4. The only network request: the domains database

To stay current with new and changed enterprise app domains, the extension periodically fetches domains.json from a URL configured in Settings (it defaults to this project's repository on Codeberg). This fetch carries no information about you or your browsing — it is a one-way download of a public JSON file.

The extension ships with a bundled copy of domains.json, so it works fully offline immediately after install. You can change or disable the refresh interval (1–168 hours) in Settings.

5. Permissions explained

Chrome requires every extension to declare which permissions it needs. Here is what each one actually does:

• storage — saves your flagged-link history and Trusted/Blocked domain lists in chrome.storage.local, on your device only.
• alarms — schedules the periodic refresh of the domains database described in section 4. It enables no other background activity.
• Read and change data on all websites — the content script inspects the links on pages you visit so it can compare them against the domains database before you click. This happens instantly and locally; no page content is ever sent anywhere.

6. Why we don't ask for cookie consent

Neither the extension nor this website shows a cookie banner. Under the EU ePrivacy Directive (Article 5(3)), storing or accessing information on your device doesn't require consent when it's strictly necessary to provide a service you've actively requested — such as remembering your Trusted domains, your history, or your language and theme preference. None of our local storage is used for advertising, profiling, or analytics, so this exemption applies.

7. Your data, your control

You can review, search, and clear your flagged-link history at any time from the dashboard. Trusting or removing a domain takes effect immediately and is stored only on your device.

8. How long we keep data

Your flagged-link history keeps the most recent 200 entries; older entries are dropped automatically as new ones are added. Your Trusted and Blocked domain lists and preferences are kept until you change them. You can clear any or all of this at any time from the dashboard and Settings, or remove the extension entirely to delete its local storage.

9. Your rights and legal basis

Because all of this data stays on your device and 365DevNet never receives, stores, or has access to it, the rights granted by data protection law — access, correction, erasure, restriction, and portability — are things you already have full and immediate control over, through the dashboard and Settings described above.

Where data protection law applies, the legal basis for this local-only processing is your choice to install and configure the extension (GDPR Article 6(1)(a)) and our legitimate interest in helping protect you from phishing and lookalike links (Article 6(1)(f)). If you have concerns about how your data is handled, you can contact us using the details below, or lodge a complaint with your national data protection supervisory authority.

10. Children's privacy

Enterprise App Protection is not directed at children. Since the extension does not collect personal data from anyone, this applies equally regardless of the user's age.

11. This website

This website does not use cookies, analytics, or any third-party services. Your language and theme preferences are stored in your browser's local storage and are never transmitted.

12. Changes to this policy

If this policy changes, the update will be reflected on this page with a new "last updated" date.

13. Contact

Enterprise App Protection is built and maintained by 365DevNet. For questions about this privacy policy, or to exercise any of the rights described above, email privacy@365devnet.eu. Full company details are available at 365devnet.eu.