Privacy Policy

Last updated: April 2026

      The short version: Sensitive Data Redactor processes everything locally inside your browser. It reads page content only when you initiate a scan, applies redactions on your device, and exports files directly to your Downloads folder. No page content, no scanned text, and no personally identifiable information is ever sent to any server. The only external request the extension makes is a weekly check for an updated name database — that request contains no user data.
    

What Sensitive Data Redactor does

Sensitive Data Redactor is a Chrome extension that detects and permanently removes personally identifiable information (PII) from web pages and PDF documents. You initiate a scan, review every detected item before anything is changed, toggle off anything that does not need redacting, and then apply. Redacted PDFs are saved directly to your device. Redacted web pages are exported via your browser's own print-to-PDF function. Nothing is uploaded anywhere at any point in this process.

What data is processed — and where

All processing happens locally inside your browser using Chrome's built-in JavaScript engine. The extension reads page text or PDF text only at the moment you press Scan. It does not monitor your browsing, does not read pages in the background, and does not store any page content after the scan session ends.

The only data stored by the extension, via chrome.storage.local and chrome.storage.sync, is:

Extension preferences — which detection categories are enabled, custom keyword rules you have added, and display settings. Stored locally on your device.
Saved redaction sessions — the list of redacted text values from a previous session, stored locally and keyed to a URL so you can restore the session on a return visit. No page content is stored, only the matched strings you chose to redact.
The name database — a list of common first and last names used for person-name detection. Downloaded from the developer's server (see below) and stored locally. Never transmitted to any third party.

The name database — the only external request

Person-name detection requires a reference list of first names and surnames. This list is downloaded from the developer's update server (customsaas.co.uk) when the extension is first installed, and rechecked weekly to see whether an updated version is available. If a newer version exists, it is downloaded and stored locally; otherwise no data is transferred.

These requests contain no user data of any kind — they are simple HTTP GET requests with no cookies, no identifiers, and no payload. The response is a JSON file containing name arrays. Once stored locally, all name matching happens entirely on your device.

What is NOT collected

No page content, text, images, or URLs from pages you visit
No personally identifiable information (name, email, address, age)
No browsing history or records of which sites you visit
No authentication credentials or passwords
No financial or payment information
No health information
No location data or IP addresses
No keystroke, mouse, scroll, or click logging
No personal communications (emails, messages, or chat content)
No analytics, telemetry, or usage statistics of any kind

PDF processing

PDFs are fetched directly from their source URL by your browser, processed entirely in memory using a bundled PDF rendering library (PDF.js), and never transmitted to any server. The redacted output is generated locally using a bundled PDF writing library (pdf-lib) and saved to your Downloads folder by your browser. The developer never receives, sees, or processes any PDF you open in the extension.

Data sharing

We do not share any data with any third party. There is no analytics service, no advertising network, and no telemetry. Sensitive Data Redactor makes no network requests other than the weekly name database version check described above, which contains no user data.

Permissions and why they are needed

Permission	Why it is needed
scripting	Required to inject the redaction content script and its stylesheet into the active page when you initiate a scan from the side panel. Also used to trigger your browser's print function when exporting a redacted HTML page as a PDF. Injection only occurs on your explicit action — no background scripting takes place.
storage	Required to save your preferences, custom keyword rules, saved redaction sessions, and the locally-cached name database to your device using `chrome.storage.local` and `chrome.storage.sync`. All stored data remains on your device. Nothing in storage is transmitted externally.
sidePanel	Required to run the entire extension interface inside Chrome's native side panel. All features — scanning, category selection, result review, session management, PDF viewer, and export — are accessed exclusively through the side panel. There is no popup or separate browser tab.
tabs	Required to communicate with the active tab's content script (sending scan, apply, dismiss, and revert instructions), to read the active tab's URL so the side panel can update when you switch tabs, to listen for tab navigation events, and to navigate the tab when restoring a saved session.
alarms	Used for one background task: a weekly check that compares the locally-cached name database version against the latest version available from the developer's server. If a newer version exists, it is downloaded and stored locally. The alarm fires at most once per week and makes a single network request containing no user data.
Host permission (<all_urls>)	Required for two reasons. First, the redaction content script is declared in the extension manifest and needs access to any page the user may wish to redact — the specific site is not known in advance. Second, the scripting API requires matching host permissions when injecting into tabs that are not the result of a direct user click on the extension icon. The content script is entirely passive until you initiate a scan.

Remote code

Sensitive Data Redactor does not execute any remote JavaScript or WebAssembly. All code is bundled within the extension package. The name database downloaded from the developer's server is a JSON data file (arrays of name strings) — it is stored as data and is never executed as code.

Children

Sensitive Data Redactor does not knowingly collect any information from children under the age of 13. The extension collects no personal information from any user.

Changes to this policy

If we make meaningful changes to how data is handled, we will update this page and the date shown at the top. Because all data processing and storage happens on your device, any changes would only ever affect what happens locally within the extension.

Contact

If you have any questions about this privacy policy, please use the support link on the extension's Chrome Web Store listing page.