- We only ever see the URL of the page you're visiting — nothing else.
- We never collect your name, email, IP address, or any personal information.
- We never track your browsing history or build a profile of you.
- Scan results are stored locally in your browser only, and cleared when you close the tab.
- We do not sell, rent, or share your data with advertisers or any third party for commercial purposes.
1. Overview
WebShield.AI ("the Extension", "we", "us") is a browser extension that automatically detects phishing and malicious websites as you browse the web. This Privacy Policy explains what information is transmitted when you use the Extension, how it is used, and what we will never do with it.
By installing the Extension you agree to the practices described in this policy. If you do not agree, you may uninstall the Extension at any time from your browser's extension manager.
2. What Information Is Transmitted
When you navigate to a webpage, the Extension sends only the URL of that page to our analysis backend. That is the complete extent of data transmission.
| Data Type | Collected? | Notes |
|---|---|---|
| Page URL | YES | Sent to backend for phishing analysis only |
| Page HTML / content | NO | The backend fetches the page itself; your browser sends no HTML |
| Cookies / session tokens | NO | Never accessed or transmitted |
| Browsing history | NO | Not read or stored |
| IP address | NO | Not logged or stored on the backend |
| Name / email / account info | NO | Extension has no account system |
| Scan result (verdict + score) | LOCAL ONLY | Cached in browser session storage; cleared when tab closes |
3. How the URL Is Used
The URL you visit is used exclusively to run a phishing detection pipeline:
- Rule-based analysis of the URL structure and pattern
- Reputation lookup against Google Safe Browsing and PhishTank databases
- Server-side content fetch and analysis of the target page
- Machine learning model inference based on URL-derived features
After analysis, the backend returns a verdict (SAFE, SUSPICIOUS, or PHISHING) and a risk score. The URL is not logged, stored in a database, or used for any other purpose.
4. Local Data Storage
The Extension stores scan results locally in your browser using
chrome.storage.session. This storage:
- Is scoped to your current browser session only
- Is cleared automatically when the tab is closed
- Never leaves your device
- Contains only: the URL scanned, the verdict, the risk score, and detected flags
No data is written to chrome.storage.local or localStorage.
5. Third-Party Services
Our backend queries the following external threat intelligence services on your behalf. These services receive the URL being scanned — not your identity or any personal data.
- Google Safe Browsing API — Google's threat database. Governed by Google's Privacy Policy.
- PhishTank — Community-sourced phishing URL database. Governed by PhishTank's Privacy Policy.
6. Browser Permissions Explained
The Extension requests the following permissions and uses them only as described:
| Permission | Why It Is Needed |
|---|---|
webNavigation |
To detect when you finish loading a new page so a scan can begin |
activeTab |
To read the URL of the current tab for scanning |
tabs |
To update the extension badge and clear scan cache when a tab closes |
scripting |
To inject the phishing warning banner onto the page if a threat is detected |
storage |
To cache the scan result locally so repeat visits are instant |
<all_urls> |
To scan any website you visit, not just a pre-approved list |
7. Children's Privacy
WebShield.AI does not knowingly collect any personal information from anyone, including children under the age of 13. The Extension contains no account registration, no forms, and no data submission from the user.
8. Changes to This Policy
If we make material changes to this Privacy Policy, we will update the "Last updated" date at the top of this page. We encourage you to review this page periodically. Continued use of the Extension after any changes constitutes acceptance of the updated policy.
9. Contact
If you have any questions or concerns about this Privacy Policy, please reach out:
Questions about your data or this policy?
We'll respond within 48 hours.