PhishGuard — Privacy Policy

PhishGuard is a browser extension that detects phishing and fraudulent URLs in real time. This policy explains exactly what data we collect, why, and what we never do with it.

Data We Collect

PhishGuard collects only the minimum data required to perform phishing detection.

Data	Purpose	Stored?
URLs of links on visited pages	Phishing detection analysis	Temporarily
Scan statistics (count, threats)	Popup display only	Local only
Extension settings	User preferences	Local only
API key (if Enhanced mode enabled)	Authenticate enhanced scanning	Local only

How URLs Are Processed

When PhishGuard scans a link, the URL is sent to our detection backend for analysis. The backend uses a combination of machine learning (BERT-based model), rule-based heuristics, and optionally the IPQualityScore API for enhanced threat confirmation.

            URLs are used solely for threat analysis. They are not stored permanently, not sold, not used for advertising, and not associated with your identity in any way. Scan results are cached briefly in memory to avoid redundant API calls.
        

Third-Party Services

In Enhanced mode, URLs flagged by our ML model may be forwarded to IPQualityScore for additional reputation analysis. IPQualityScore processes URLs according to their own privacy policy available at ipqualityscore.com/privacy-policy.

No other third-party analytics, tracking, or advertising services are used.

What We Never Do

✕	Sell or share your data with advertisers or data brokers
✕	Track your browsing history or build user profiles
✕	Collect personally identifiable information (name, email, IP address)
✕	Store scanned URLs permanently on any server
✕	Use your data for any purpose other than phishing detection

Local Storage

PhishGuard stores the following data locally in your browser using Chrome's storage API. This data never leaves your device except as described in Section 2.

            chrome.storage.local: Scan statistics (today's scan count, threat count). Reset daily.

            chrome.storage.sync: Extension settings (enabled state, API key, preferences). Synced across your Chrome profile only.

Permissions

PhishGuard requests the following browser permissions and uses them only as described:

Permission	Why it's needed
activeTab	Scan links on the currently active page
storage	Save settings and statistics locally
alarms	Reset daily stats and keep backend alive
tabs	Identify active tab for per-page threat tracking
scripting	Inject content script to detect links on pages

Children's Privacy

PhishGuard does not knowingly collect any data from children under the age of 13. The extension does not request, store, or process any personally identifiable information from any user regardless of age.

Changes to This Policy

If this privacy policy changes materially, the updated version will be published at this URL with a revised date. Continued use of PhishGuard after changes constitutes acceptance of the updated policy.

Contact

Questions about this privacy policy or PhishGuard's data practices:

Open an issue or reach out via GitHub:

github.com/naebi-stack/fraud-detection-extensions