iTellyou Web Protection
Extension Privacy Policy
Transparency about the data needed to protect your browsing.
Last updated: July 10, 2026.
1. Scope and purpose
This Privacy Policy applies to the iTellyou Web Protection extension for Google Chrome. It supplements iTellyou’s general Privacy Policy and explains the data handled by the extension to detect phishing, malicious websites, dangerous downloads, and potentially harmful extensions.
The extension handles data only to provide, maintain, protect, and improve these security features, authenticate the account and device, verify the subscription, and comply with legal obligations. Using the extension is optional; some features stop working if required permissions or access are removed.
2. Data handled by the extension
Account and authentication: authentication token, device identifier and technical credential, extension version, platform, browser user agent, and subscription status. The token and technical credential are stored locally in the browser and used to authenticate requests to iTellyou.
Browsing and reputation: URLs and domains visited or found in analyzed links, allow or block decision, reason, confidence level, timestamp, and technical analysis metrics. The extension may send a URL and browser user agent to iTellyou when a reputation check is required.
Technical page signals: password fields on non-HTTPS pages, form destinations, overlays, and other DOM signals used to identify phishing. These signals are analyzed locally. The extension does not collect the full text of pages for this analysis.
Gmail: the extension identifies and checks the addresses of links displayed in messages. It does not collect or send the full email body, subject, or textual content.
Downloads: source URL, file name, and cryptographic file hash. To calculate the hash, the extension may temporarily read the file on the device, subject to a technical size limit. File contents are not sent to iTellyou; the reputation request sends the hash, URL, and file name.
Installed extensions: identifiers of installed extensions, excluding themes, development extensions, and iTellyou Web Protection itself. Identifiers are sent for reputation checks. The name of an extension detected as harmful is used locally to display the warning.
Settings and telemetry: allow and block rules, protection settings, decision cache, protection status, counts of allowed or blocked navigations, domains associated with those counts, cache usage, offline mode, and analysis duration.
3. How we use data
We use this data to assess reputation and risk; warn about or block threats; check downloads and extensions; keep rules and settings updated; provide personal allowlists and blocklists; authenticate the account and device; confirm access to the service; diagnose failures; measure protection effectiveness and performance; prevent fraud, abuse, and unauthorized access; and meet legal obligations.
We do not use extension data for personalized advertising, advertising profiles, creditworthiness, lending, or purposes incompatible with browsing protection.
4. Local storage and transmission to our services
Some processing occurs locally through Chrome storage, including the token, technical device credentials, settings, rules, subscription status, and analysis cache. The domain reputation cache expires at the end of the UTC day and may also be removed when settings change or the subscription becomes inactive.
When an online check is required, the data described in this policy is transmitted over HTTPS to iTellyou services. The extension does not execute JavaScript or WebAssembly received from remote servers.
5. Sharing and limited use
We do not sell user data. We do not transfer data to advertising networks, data brokers, or third parties for advertising, credit, or purposes unrelated to the extension’s single purpose.
We may provide data to service providers that operate infrastructure, hosting, security, support, and monitoring on our behalf, only as necessary to provide the service and subject to confidentiality and data protection obligations. We may also disclose information when required by law or a valid order, or to protect users, iTellyou, and the public against fraud, abuse, or security threats.
We do not allow people to read personal or sensitive user data except with the user’s specific consent, when necessary for security or legal compliance, or when data is aggregated and anonymized for internal operations.
Our use and transfer of data received from Google APIs complies with the Google API Services User Data Policy, including Limited Use requirements. The extension does not request access to Gmail accounts or APIs; it only checks URLs in links visible in the Gmail interface as described above.
6. Retention and deletion
Local data remains in the Chrome profile for as long as needed for the extension to operate and can be removed by clearing extension data or uninstalling it. Some data, including analysis cache and device credentials, is also deleted automatically in the situations described in this policy.
In iTellyou systems, we retain data only for as long as necessary to provide and protect the service, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods for account and usage data also follow the general Privacy Policy. You may request access or deletion through the contact channels below.
7. Security
We use technical and organizational measures designed to protect data, including HTTPS transmission, request authentication, device-specific credentials, local storage protected by Chrome APIs, and service access controls. No transmission or storage method is completely secure.
8. Your rights and choices
Subject to applicable law, you may request confirmation of processing, access, correction, portability, objection, restriction, or deletion of personal data, and withdraw consent when consent is the legal basis. You may also uninstall the extension or remove permissions in Chrome settings; this may prevent protection features from working.
9. Children, changes, and contact
The extension is not intended for children under 13, and we do not knowingly collect children’s personal data without authorization required by law. We may update this policy to reflect changes to the product, practices, or law. The date below identifies the latest version.
For privacy questions or requests, email [email protected] or write to iTellyou, 356 Seton Passage, Calgary, AB, T3M 3T7, Canada. See also iTellyou’s general Privacy Policy.