HackAdvisor Extension — Privacy Policy

The extension sends one thing to HackAdvisor — the URL of the bug-bounty program page you are currently viewing — so it can look up that program's review count. Nothing else leaves your browser.

What the extension does
When you visit a bug-bounty program page on a supported platform (HackerOne, Bugcrowd, YesWeHack, Intigriti, Standoff 365, BI.ZONE and Immunefi), the extension asks the HackAdvisor API how many community reviews that program has and shows the result in a small widget.

What is sent
To https://hackadvisor.io/api/v1/extension/lookup over HTTPS: the program-page URL you are currently viewing. That is the complete list. The request carries no cookies, no credentials, and no custom identifying headers.

What is NOT collected
No name, email, or identity — the extension has no login. No browsing history — only the single program page you are actively viewing is looked up. No host-page content — program pages are detected from the URL alone; page content is never read or scraped. No cookies. No analytics, telemetry, advertising, or fingerprinting.

What is stored on your device
Two small values in local extension storage, never transmitted: whether the widget is enabled (the popup toggle), and the list of programs whose widget you have dismissed.

Data sharing
HackAdvisor does not sell your data and does not share it with third parties.

Contact: privacy@hackadvisor.io