Privacy Principles

• Collect only data needed for authentication, licensing, billing, and support workflows.
• Do not sell browsing or account data.
• Keep lock enforcement local to the browser profile whenever possible.

Data We Store

• Local: lock settings, runtime lock state, and hashed PIN/recovery records.
• Account: email, license state, device records, billing status, and support tickets.
• Activity logs for security and troubleshooting with retention controls.

Permissions

• Tabs/page access: to apply lock overlays on lockable pages.
• Storage/timers: to keep settings and run relock rules.
• Auth/billing APIs: to validate account plans and cloud actions.

Security Commitments

• Production billing state changes require verified Razorpay webhooks.
• Sensitive tokens are never returned in production when DEV_MODE is disabled.

Policy Updates

• This policy may change as security controls evolve.
• Updated policy text may be shipped through extension or portal updates.