Browser Extension Privacy Policy
Last Updated: February 2026
This policy describes the data practices specific to the DataScoop Insights browser extension for Google Chrome. This policy supplements our main Privacy Policy.
1. Data We Collect
The DataScoop Insights extension collects and processes the following information:
| Data Type | Description | Purpose |
|---|---|---|
| Application Numbers | Application identifiers you enter manually or that are automatically extracted from supported pages you are viewing | To retrieve and display risk assessments |
| Application Data | Structured field data extracted from the page you are actively viewing, based on a server-provided configuration | To provide additional context for more accurate risk assessments |
| Active Tab URL | The hostname of the browser tab you are currently viewing when you initiate an assessment | To determine whether the current page is supported and which data extraction rules apply |
| Authentication Credentials | OAuth tokens obtained when you sign in with your DataScoop account | To authenticate API requests on your behalf |
| User Profile Information | Email address and basic profile from your DataScoop account | To identify your session and permissions |
| User Feedback | Positive or negative ratings you submit for specific assessments | To improve the accuracy of our future responses |
2. Data We Do NOT Collect
The DataScoop Insights extension does not collect, store, or transmit:
- Browsing history or activity on websites other than supported platforms
- Personal files or documents on your computer
- Keystrokes, passwords, or form data outside of supported platforms
- Data from websites other than the supported platforms you are actively using
- Analytics, telemetry, or usage tracking data
The extension only reads page data from supported platforms when you explicitly initiate an assessment by clicking the Search button. It does not passively monitor or collect data in the background.
3. How We Use Your Data
- Application Numbers are sent to our secure API to retrieve risk assessment data, which is then displayed in the extension's side panel.
- Data extracted from the page is sent alongside the application number to our secure API. This data provides additional context that improves the accuracy of risk assessments. It is not stored on your device but is retained on our servers for compliance purposes.
- Active Tab URL hostnames are used locally within the extension to determine whether the current page is supported. Only the hostname is used; full page URLs are not transmitted to our servers.
- Authentication Tokens are used solely to verify your identity and authorize access to risk assessment data.
- Profile Information is used only to establish your authenticated session.
- User Feedback is transmitted to our secure servers and used to understand effectiveness of our responses and improve future responses.
4. Data Storage
| Data | Storage Location | Retention |
|---|---|---|
| Authentication tokens | Browser session storage | Automatically deleted when you close your browser |
| Extracted data | Device: memory only (not persisted) Server: retained for compliance |
Transmitted to our API during the assessment request; not stored on your device but retained on our servers for compliance purposes |
| Data extraction configuration | Memory only (in-memory cache) | Cached for up to 10 minutes for performance; cleared when the browser is closed or the extension is restarted |
We do not store any data on your device permanently. All session data is automatically cleared when your browser is closed.
5. Browser Permissions
The extension requests the following permissions:
| Permission | Why It's Needed |
|---|---|
| identity | To authenticate you with your DataScoop account using secure OAuth 2.0 |
| storage | To temporarily store authentication tokens in session storage |
| scripting | To extract data fields from supported pages when you initiate an assessment |
| sidePanel | To display the risk assessment interface in a side panel |
6. Third-Party Services
The extension uses AWS Cognito for authentication. When you sign in, you are authenticating directly with AWS Cognito, which is subject to the AWS Privacy Policy. We receive only the authentication tokens and basic profile information necessary to verify your identity.
7. Your Rights and Controls
You can:
- Close your browser to automatically delete all session data
- Uninstall the extension to remove it completely from your browser
- Request data deletion by contacting us
8. Data Security
- All authentication uses OAuth 2.0 with PKCE (Proof Key for Code Exchange) for enhanced security
- Tokens are stored only in browser session storage, never in persistent local storage
- All network communication is encrypted with TLS
- The extension does not store, log, or cache risk assessment data
9. Children's Privacy
The DataScoop Insights extension is intended for business use by authorized professionals. It is not intended for use by children under the age of 18.
10. Changes to This Policy
We may update this privacy policy to reflect changes to the extension. We will notify users of significant changes by updating the "Last Updated" date above. Your continued use of the extension after any changes constitutes your acceptance of the new policy.
11. Contact Us
If you have questions about this privacy policy or the extension's data practices, please contact us.