Privacy Policy
Last updated: February 10, 2026
This Privacy Policy describes how ZeroExfil Browser Protect ("the Extension", "we", "our") handles information when you use our free browser extension. ZeroExfil Browser Protect is a free, standalone community tool developed by Olsson Security (Zurich, Switzerland), the team behind ZeroExfil. It is not part of the full ZeroExfil platform and operates independently.
Summary: ZeroExfil Browser Protect is a free community tool. It does not collect, transmit, or store any personal data. All detection and analysis happens locally in your browser. No data ever leaves your device. No account or subscription is required.
1. Information We Do Not Collect
ZeroExfil Browser Protect does not collect, access, or transmit any of the following:
- Personal information (name, email, address, phone number)
- Browsing history or URLs you visit
- Content of web pages you view
- Clipboard data or text you copy
- Cookies, authentication tokens, or session data
- Keystrokes or form inputs
- IP addresses or geolocation data
- Device identifiers or fingerprints
2. How the Extension Works
ZeroExfil Browser Protect operates entirely within your browser to detect and block browser-based threats. Specifically:
- Clipboard Protection: The extension monitors clipboard write operations to detect when a malicious website attempts to inject dangerous commands (such as PowerShell or system commands) into your clipboard. When a threat is detected, the malicious content is replaced with a safe warning message. The extension does not read, store, or transmit your clipboard contents.
- ClickFix Detection: The extension scans page elements (such as overlays, instructional text, and UI patterns) to identify social engineering techniques that trick users into running malicious commands. This analysis happens locally using pattern matching against known attack indicators.
- Fingerprinting Detection: The extension monitors when websites attempt to collect your browser fingerprint by intercepting API calls (Canvas, WebGL, Audio, Navigator, Screen). It alerts you when excessive fingerprinting is detected. It does not block or alter the fingerprint data itself.
- Wallet Protection: The extension detects when websites probe for installed cryptocurrency wallet extensions or present fake seed phrase input forms. It does not access your wallet data, balances, or keys.
- Geolocation Spoofing: The extension intercepts geolocation API requests made by websites and returns fake coordinates instead of your real location. Your actual position is never shared with the requesting site. The extension does not store, transmit, or log your real or spoofed coordinates.
- Extension Enumeration Detection: The extension detects when websites attempt to probe for installed browser extensions (such as password managers, VPNs, or ad blockers). This type of probing is used for fingerprinting or to identify attack targets. The extension alerts you when this behavior is detected.
3. Data Storage
The extension stores the following data locally on your device using the browser's chrome.storage.local API:
- Module preferences: Which detection modules you have enabled or disabled.
- Detection statistics: Aggregate counts of detections per module (e.g., "ClickFix detections: 3"). These are anonymous counters with no identifying information.
- Threat scores: Temporary per-tab threat scores that are cleared when you close a tab or navigate away.
This data is never transmitted to any server. It stays entirely within your browser's local storage and can be cleared at any time through the extension's popup.
4. Network Communication
ZeroExfil Browser Protect makes zero network requests. The extension:
- Does not communicate with any external servers
- Does not send telemetry or analytics data
- Does not phone home or check for updates outside of the browser's built-in extension update mechanism
- Does not include any third-party SDKs, trackers, or analytics libraries
5. Permissions Justification
The extension requests the following permissions, each for a specific purpose:
- storage: To save your module preferences and anonymous detection statistics locally.
- webNavigation: To reset threat scores when you navigate to a new page, ensuring detections from one site don't carry over to another.
- Host permissions (<all_urls>): Required because browser-based attacks can occur on any website. The extension must be able to monitor clipboard operations and detect social engineering patterns on all pages to provide comprehensive protection.
6. Content Scripts
The extension injects two content scripts into web pages:
- A main world script that intercepts clipboard API calls, monitors for fingerprinting attempts at the browser API level, and replaces geolocation responses with fake coordinates. This script runs in the page's JavaScript context to detect threats that would otherwise be invisible.
- An isolated world script that analyzes page content for social engineering indicators, detects extension enumeration attempts, displays warning modals, and communicates with the extension's background process.
These scripts only perform threat detection. They do not read, modify, or extract page content for any purpose other than identifying active threats to the user.
7. Trusted Domains
The extension maintains a hardcoded list of trusted domains (such as google.com, github.com, and other major platforms) where clipboard interception is automatically skipped. This list is embedded in the extension's source code and is not configurable remotely.
8. Third-Party Services
ZeroExfil Browser Protect does not use or integrate with any third-party services, APIs, analytics platforms, or advertising networks.
9. Children's Privacy
The extension does not knowingly collect any information from anyone, including children under the age of 13.
10. Changes to This Policy
If we make changes to this Privacy Policy, we will update the "Last updated" date at the top of this page. Continued use of the extension after changes constitutes acceptance of the updated policy.
11. Ongoing Threat Detection Updates
ZeroExfil Browser Protect is actively maintained. We continuously research emerging browser-based attack techniques and release detection updates through the Chrome Web Store and other browser extension stores. These updates add new threat patterns and improve existing detection logic. Updates never change our data handling practices. All detection continues to run locally in your browser with zero data collection.
12. Limitation of Liability
ZeroExfil Browser Protect is provided "as is" and "as available" without warranties of any kind, whether express or implied, including but not limited to implied warranties of merchantability, fitness for a particular purpose, and non-infringement.
Olsson Security, its officers, directors, employees, and agents shall not be liable for any direct, indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of data, loss of profits, business interruption, or any other damages or losses arising out of or related to your use of or inability to use the extension, even if Olsson Security has been advised of the possibility of such damages.
While we strive to detect and block browser-based threats, no security tool can guarantee complete protection. The extension is not a substitute for safe browsing practices. You acknowledge and agree that your use of the extension is at your own risk.
13. Open Source
The extension's source code is available for review. You can inspect exactly what the extension does by examining its code.
14. Contact
If you have questions about this Privacy Policy or the extension, contact us at:
Olsson Security
Baslerstrasse 77
8048 Zurich, Switzerland