이 부가 기능을 사용하시려면, Firefox를다운로드하세요.

로그인
추가 기능 아이콘

Phishguard-Security에 대한 개인정보처리방침

Phishguard-Security 제작자: Mohamed Medjahdi

0 / 5
5
0
4
0
3
0
2
0
1
0
Phishguard-Security에 대한 개인정보처리방침

Phishguard Browser Extension — Privacy Policy

Last updated: 2026-06-15

This document describes what the Phishguard browser extension (the "Extension") collects, how it uses that data, and what choices users have. Plain language, no legal manoeuvring — what the Extension actually does at runtime is what's written here.

The Extension is published by SocShield (socshield.dz). The corresponding service it talks to (the "Phishguard backend") is operated by the user's own organisation under their Phishguard tenant — SocShield does not centralise customer email data.



1. What the Extension processes

1.1 Email content — only when the user clicks "Report"

When the user explicitly clicks the Report to Phishguard button on an email in their webmail (Gmail, Roundcube / cPanel, Outlook on the Web, Horde, Zimbra, SnappyMail / RainLoop), the Extension:

  1. Fetches the raw RFC 822 source of that single email from the webmail's own backend, using the existing browser session cookies — exactly the same access the user already has when opening the message manually.
  2. Encodes it as base64, or for emails larger than 3 MB uploads the raw bytes to a one-shot Supabase Storage signed URL issued by the user's tenant.
  3. POSTs the resulting payload to the Phishguard endpoint URL the user configured in the popup.
  4. Receives an analysis verdict (one of PHISHING / SUSPICIOUS / SPAM / CLEAN / MALWARE / FRAUD / PENDING), a 0–100 threat score, and a list of indicator-of-compromise matches.
  5. Caches a short summary of the report locally so the analyst can see "Reported ✓" the next time they open the same email and so the popup's My Reports tab is populated.

No email content is read, transmitted, or stored at any time other than when the user clicks Report. The Extension does not scan messages in the background, does not page through the inbox, and does not access any message the user hasn't explicitly chosen to report.

1.2 Configuration (chrome.storage.sync)

The Extension stores in the browser's encrypted chrome.storage.sync:
  • Phishguard endpoint URL the user pasted into the popup
  • API key with the ingest scope, used to authenticate every backend call
  • Theme preference (light / dark)
  • Auto-junk preference — whether to auto-move phish to the Junk folder after reporting
  • Last health-check timestamp + result, for the popup's status pill

This data is synced across the user's signed-in browsers via Chrome / Edge / Firefox sync. It is never transmitted to SocShield and never shared with any third party. It is accessible only to the Extension.

1.3 Local cache (chrome.storage.local)

The Extension keeps a local cache so reports persist across browser restarts and the analyst can see what they've already submitted. The cache contains, per reported email:
  • Server-issued email ID, verdict, threat score, IOC match count, timestamps
  • Subject and sender address of the reported email — used as the row label in My Reports
  • A composite key derived from the webmail's tenant + origin + folder + message UID, so duplicate-detection works on the next open

The cache lives on the user's device. It is wiped immediately when the Extension is uninstalled. SocShield never reads it.

1.4 Retry queue (transient, chrome.storage.local)

When a report fails because of a transient network error (502 / 503 / 504 / 429 / connection drop), the Extension queues it for automatic retry with exponential backoff. The queue holds the raw .eml bytes for up to 5 attempts over a 4-hour window; after that the entry is dropped. Successful or non-retriable failures remove the entry immediately. The queue is capped at 10 entries and 2 MB per entry to bound storage.

1.5 Optional crash telemetry (Sentry)

If — and only if — the Extension is built with VITE_SENTRY_DSN set, runtime errors from the service worker and popup are sent to Sentry for crash diagnostics. We strip:
  • Authorization, X-API-Key and any other auth-style headers
  • Request and response bodies (including the .eml payload)
  • Cookies
  • The configured endpoint URL

What Sentry receives: an error message, a stack trace, the browser and Extension version, and our own diagnostic tags (which adapter was active, which step failed). Never the email being reported, never the API key, never the user's identity.

Without a DSN configured at build time, the Sentry SDK is not loaded into the bundle at all.



2. What the Extension does NOT do
  • No background email scanning. The Report flow is strictly user-initiated. The Extension never reads a message the user hasn't clicked Report on.
  • No browsing-history tracking. The Extension does not record which sites the user visits, which webmails they use, or which URLs they open.
  • No advertising. No ad networks, no marketing pixels, no fingerprinting.
  • No model training. Reported emails are used for the analyst's verdict workflow only.
  • No data resale. SocShield does not sell, rent, or otherwise transfer Extension data to advertisers or third parties.
  • No remote code execution. All Extension code ships in the signed package — nothing is fetched from a remote server at runtime.



3. Data routing

All reported emails are sent directly from the user's browser to the Phishguard endpoint URL they configured in the popup. That endpoint is operated by the user's own organisation (SocShield's hosted Phishguard or a self-hosted deployment). SocShield does not host a shared Phishguard tenant for end users; multi-tenant Phishguard accounts are billed and operated separately under a written contract.

The Extension does not proxy data through any SocShield-owned infrastructure beyond the optional Sentry endpoint described in §1.5.



4. Permissions justification

| Permission | Why we ask |
| ---------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| storage | Persist the user's endpoint URL, API key, and local report cache. See §1.2 / §1.3. |
| contextMenus | Add a "Report to Phishguard" entry to the browser's right-click menu so the user can report from anywhere on a webmail page. |
| activeTab | When the user fires the keyboard shortcut (Ctrl/Cmd+Shift+P) or the right-click menu, the service worker needs to send a one-shot message to the currently-active tab. No persistent host access is granted. |
| alarms | Schedule periodic background tasks: a retry tick for queued reports (§1.4), a 15-minute health check, and a verdict-refresh tick that detects when the SOC analyst overrides a verdict on the user's report. |
| notifications | Show a desktop notification when a verdict the user previously reported is updated server-side ("Your phishing report was re-classified as MALWARE"). Without this permission the user has to open the popup to see verdict changes. |
| host_permissions: <all_urls> | The Extension must run on whatever URL the user's webmail lives at (mail.google.com, outlook.office.com, webmail.example.com, custom self-hosted Roundcube / Horde / Zimbra installs). We cannot enumerate every customer's webmail URL in advance. The content scripts use a fast detect() probe and immediately exit on non-webmail pages with no further activity. |



5. Third-party services
  • Phishguard backend (user-configured). The URL the user enters in the popup. Operated by the user's own organisation under their Phishguard tenant — not by SocShield unless the user has a hosted Phishguard contract.
  • Sentry (sentry.io) — error reporting. Only when the Extension is built with VITE_SENTRY_DSN set. See §1.5 for what's scrubbed before transmission.

No advertising networks, analytics SDKs, A/B testing platforms, or social-media trackers are bundled.



6. Chrome Web Store Limited Use disclosure

The Extension's use of information received from Google APIs (specifically the Gmail account, when reporting from mail.google.com) adheres to the Chrome Web Store Limited Use Requirements, including the limitations on use, transfer, storage, human reading, and machine learning.

Concretely:
  • The Extension only accesses the Gmail page's DOM and the user's session cookies to fetch the specific email the user clicked Report on.
  • The email content is transferred to the user's Phishguard tenant for analysis — the documented user-facing feature.
  • No Gmail data is used for advertising, sold, transferred for unrelated purposes, or read by humans except as required for the user's own SOC team to render a verdict.
  • No machine-learning models outside the user's tenant are trained on Gmail data.



7. Data retention
  • In the browser: chrome.storage.sync entries persist until the user changes their settings, signs out of browser sync, or uninstalls the Extension. chrome.storage.local entries persist until uninstall.
  • In the Phishguard tenant backend: retention is configured per tenant by the tenant's administrator under the Phishguard backend's own privacy policy. The Extension does not control tenant-side retention.



8. User rights
  • Removal: uninstalling the Extension via the browser's Extensions page wipes all chrome.storage.sync and chrome.storage.local data for this Extension immediately.
  • Inspection: configuration is stored in chrome.storage.sync. Users can inspect it via chrome://extensions/?id=...Inspect views: service worker → Console: chrome.storage.sync.get(null, console.log).
  • Correction or deletion of submitted reports: handled by the user's Phishguard tenant administrator. The Extension itself does not retain copies of submitted emails after the report cache entry is created.
  • Right to opt out of crash telemetry: telemetry is opt-in at build time. End users who install from the Chrome Web Store receive a build with telemetry disabled unless their organisation publishes a private build with it enabled.



9. Children

The Extension is a workplace security tool. It is not directed at children under 13 and is not designed for personal use. No data is knowingly collected from children.



10. Changes to this policy

Material changes to this policy will be reflected by updating the Last updated date at the top of this document and, for changes that affect the data the Extension collects, an in-product notice on the popup's status pill so users notice before the next report is sent.



SocShield Cybersecurity — Algiers, Algeria.