Privacy Policy for Email Phishing Detector

Effective Date: December 8, 2024

Last Updated: December 8, 2024

1. Introduction

Email Phishing Detector ("we", "our", or "the extension") is committed to protecting your privacy. This Privacy Policy explains how we handle information when you use our Chrome browser extension.

2. Information We Collect

Email Phishing Detector analyzes email content to detect potential phishing attempts. The information we access includes:

• Email sender information (name and email address)
• Email subject lines
• Email body content (text and HTML)
• Links and URLs contained within emails
• Email headers and metadata
• Attachment information (names and types, not contents)

3. How We Use Information

We use the information accessed to:

• Analyze emails for phishing indicators and threats
• Display risk scores and security warnings
• Identify suspicious links and sender patterns
• Provide you with detailed security analysis

We do NOT:

• ❌ Send your emails to external servers
• ❌ Store your email content anywhere
• ❌ Share your data with third parties
• ❌ Track your browsing activity outside of email providers
• ❌ Sell or monetize your personal information
• ❌ Use your emails for marketing purposes

4. Data Storage

We store minimal data locally in your browser using Chrome's storage API. This data includes:

• Extension Settings: Your preferences for notifications, extension enable/disable status
• Premium Status: Whether you have an active premium subscription
• Scan Usage Counters: Number of scans performed (for free tier limits)
• Custom Block Lists: Domains you've manually added to your block list (premium feature)

This data is stored locally on your device and is NOT synchronized to external servers.

5. Third-Party Services

5.1 Stripe Payment Processing

When you upgrade to Premium, payment processing is handled securely by Stripe, Inc. We redirect you to Stripe's secure payment page for all transactions.

• We do NOT store your credit card information
• We do NOT have access to your full payment details
• All payment data is handled exclusively by Stripe

Please review Stripe's privacy policy at: https://stripe.com/privacy

5.2 Email Providers

This extension works with the following email providers:

• Gmail (mail.google.com)
• Outlook / Hotmail (outlook.live.com, outlook.office.com)
• Yahoo Mail (mail.yahoo.com)
• ProtonMail (mail.protonmail.com, mail.proton.me)

We access these sites only to analyze emails for phishing detection. We do not interact with these providers' servers or transmit your data to them.

6. Browser Permissions Explained

Our extension requests the following Chrome permissions. Here's why we need each one:

• activeTab: To analyze the email you're currently viewing
• storage: To save your preferences, settings, and premium status locally
• scripting: To inject phishing detection scripts into email pages
• webNavigation: To detect when you navigate to email messages
• Host permissions (email providers): To access and analyze emails on supported providers
• Host permissions (https://*/*): For premium users only - to provide active link protection by intercepting clicks on suspicious links

7. Data Security

We take security seriously:

• All phishing detection algorithms run locally in your browser using JavaScript
• Your email data never leaves your browser
• No network requests are made with your email content
• The extension is open source - you can review the code yourself

8. Your Rights and Choices

You have complete control over this extension:

• Disable anytime: Turn off the extension from Chrome settings
• Uninstall: Remove the extension to delete all locally stored data
• Configure settings: Control which features are enabled
• Review code: Our code is open source and available for inspection

9. Premium Subscriptions

If you purchased our Premium plan:

• Payment is processed through Stripe's secure platform
• We store only your premium status (true/false) locally
• We do NOT store your payment information
• You can cancel anytime through Stripe's customer portal
• Refunds are handled according to our refund policy

10. Children's Privacy

Email Phishing Detector is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us to have it removed.

11. International Users

This extension can be used worldwide. Since all processing happens locally in your browser, your data never crosses international borders through our service.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal reasons. When we make changes:

• We will update the "Last Updated" date at the top of this policy
• Material changes will be communicated through the Chrome Web Store listing
• Continued use of the extension after changes constitutes acceptance of the updated policy

13. Data Retention

We do not retain your email data. The only data we store locally includes:

• User preferences (retained until you change them or uninstall)
• Premium status (retained for the duration of your subscription)
• Scan counters (reset monthly for free users)

14. Legal Basis for Processing (GDPR)

For users in the European Union, our legal basis for processing your information is:

• Consent: You install and use the extension voluntarily
• Legitimate Interest: To provide phishing detection services you requested
• Contract: To fulfill premium subscription services if purchased

15. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: magicalduckstudios@gmail.com

16. Compliance

This extension complies with:

• Chrome Web Store Developer Program Policies
• General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA)
• Other applicable privacy laws and regulations