Privacy Policy
Last updated: February 19, 2026
This Privacy Policy describes how ZeroExfil Browser Protect ("the Extension", "we", "our") handles information when you use our free browser extension. ZeroExfil Browser Protect is a free, standalone community tool developed by Olsson Security (Zurich, Switzerland), the team behind ZeroExfil. It is not part of the full ZeroExfil platform and operates independently.
Summary: ZeroExfil Browser Protect is a free community tool. It does not collect, transmit, or store any personal data. All detection and analysis happens locally in your browser. No data ever leaves your device. No account or subscription is required.
1. What We Access Locally — and What We Don't
To protect you, ZeroExfil Browser Protect analyzes certain data locally in your browser. This data is processed in real time, never stored, and never transmitted outside your device.
What the extension accesses locally (never leaves your browser):
- Clipboard write operations: When a website tries to write to your clipboard, the extension checks the content for dangerous commands (like PowerShell scripts). If a threat is found, it replaces the malicious content with a safe message. The extension does not monitor what you copy — only what websites try to place in your clipboard.
- Page content: The extension reads text and elements on web pages to detect social engineering attacks (such as fake CAPTCHAs that trick you into running commands). This analysis happens entirely in memory and nothing is stored or recorded.
- Browser API calls made by websites: The extension monitors how often websites call certain browser features (Canvas, WebGL, Audio, Navigator, Screen) to detect fingerprinting. It counts the calls but never reads or stores the actual data these APIs return.
- Geolocation requests: When a website asks for your location, the extension returns fake coordinates instead. Your real location is never read, stored, or shared.
What the extension does not access, collect, or transmit — ever:
- Personal information (name, email, address, phone number)
- Browsing history or a record of URLs you visit
- Cookies, authentication tokens, or session data
- Keystrokes, passwords, or form inputs
- IP addresses or real geolocation data
- Device identifiers or fingerprints
- Wallet balances, keys, or seed phrases
2. How the Extension Works
ZeroExfil Browser Protect operates entirely within your browser to detect and block browser-based threats. Specifically:
- Clipboard Protection: The extension monitors clipboard write operations to detect when a malicious website attempts to inject dangerous commands (such as PowerShell or system commands) into your clipboard. When a threat is detected, the malicious content is replaced with a safe warning message. The extension does not read, store, or transmit your clipboard contents.
- ClickFix Detection: The extension scans page elements (such as overlays, instructional text, and UI patterns) to identify social engineering techniques that trick users into running malicious commands. This analysis happens locally using pattern matching against known attack indicators.
- Fingerprinting Detection: The extension monitors when websites attempt to collect your browser fingerprint by intercepting API calls (Canvas, WebGL, Audio, Navigator, Screen). It alerts you when excessive fingerprinting is detected. It does not block or alter the fingerprint data itself.
- Wallet Protection: The extension detects when websites probe for installed cryptocurrency wallet extensions or present fake seed phrase input forms. It does not access your wallet data, balances, or keys.
- Geolocation Spoofing: The extension intercepts geolocation API requests made by websites and returns fake coordinates instead of your real location. Your actual position is never shared with the requesting site. The extension does not store, transmit, or log your real or spoofed coordinates.
- Extension Enumeration Detection: The extension detects when websites attempt to probe for installed browser extensions (such as password managers, VPNs, or ad blockers). This type of probing is used for fingerprinting or to identify attack targets. The extension alerts you when this behavior is detected.
3. Data Storage
The extension stores the following data locally on your device using the browser's chrome.storage.local API:
- Module preferences: Which detection modules you have enabled or disabled.
- Detection statistics: Aggregate counts of detections per module (e.g., "ClickFix detections: 3"). These are anonymous counters with no identifying information.
- Threat scores: Temporary per-tab threat scores that are cleared when you close a tab or navigate to a new page.
- Trusted domains: A list of domains you have chosen to trust, stored locally so your preferences persist across browser sessions.
This data is never transmitted to any server. It stays entirely within your browser's local storage and can be cleared at any time through the extension's popup.
4. Network Communication
ZeroExfil Browser Protect makes zero network requests. The extension:
- Does not communicate with any external servers
- Does not send telemetry or analytics data
- Does not phone home or check for updates outside of the browser's built-in extension update mechanism
- Does not include any third-party SDKs, trackers, or analytics libraries
5. Permissions Justification
The extension requests the following permissions, each for a specific purpose:
- storage: To save your module preferences, trusted domain whitelist, and anonymous detection statistics locally.
- Host permissions (<all_urls>): Required because browser-based attacks can occur on any website. The extension must be able to monitor clipboard operations and detect social engineering patterns on all pages to provide comprehensive protection. The extension does not read, collect, or transmit page content.
6. Content Scripts
The extension injects two content scripts into web pages:
- A main world script that intercepts clipboard API calls, monitors for fingerprinting attempts at the browser API level, and replaces geolocation responses with fake coordinates. This script runs in the page's JavaScript context to detect threats that would otherwise be invisible.
- An isolated world script that analyzes page content for social engineering indicators, detects extension enumeration attempts, displays warning modals, and communicates with the extension's background process.
These scripts only perform threat detection. They do not read, modify, or extract page content for any purpose other than identifying active threats to the user.
7. Trusted Domains
The extension maintains a hardcoded list of trusted domains (such as google.com, github.com, and other major platforms) where clipboard interception is automatically skipped. This list is embedded in the extension's source code and is not configurable remotely.
8. Third-Party Services
ZeroExfil Browser Protect does not use or integrate with any third-party services, APIs, analytics platforms, or advertising networks.
9. Children's Privacy
The extension does not knowingly collect any information from anyone, including children under the age of 13.
10. Changes to This Policy
If we make changes to this Privacy Policy, we will update the "Last updated" date at the top of this page. Continued use of the extension after changes constitutes acceptance of the updated policy.
11. Ongoing Threat Detection Updates
ZeroExfil Browser Protect is actively maintained. We continuously research emerging browser-based attack techniques and release detection updates through the Chrome Web Store and other browser extension stores. These updates add new threat patterns and improve existing detection logic. Updates never change our data handling practices. All detection continues to run locally in your browser with zero data collection.
12. Limitation of Liability
ZeroExfil Browser Protect is provided "as is" and "as available" without warranties of any kind, whether express or implied, including but not limited to implied warranties of merchantability, fitness for a particular purpose, and non-infringement.
Olsson Security, its officers, directors, employees, and agents shall not be liable for any direct, indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of data, loss of profits, business interruption, or any other damages or losses arising out of or related to your use of or inability to use the extension, even if Olsson Security has been advised of the possibility of such damages.
While we strive to detect and block browser-based threats, no security tool can guarantee complete protection. The extension is not a substitute for safe browsing practices. You acknowledge and agree that your use of the extension is at your own risk.
13. Code Transparency
The extension's source code is unobfuscated and can be inspected after installation. You can examine exactly what the extension does by reviewing its code files directly in your browser's extension directory.
14. Contact
If you have questions about this Privacy Policy or the extension, contact us at:
Olsson Security
Baslerstrasse 77
8048 Zurich, Switzerland