Session Switcher 2 — Privacy Policy

SUMMARY: This extension is local-first. It does NOT transmit any user data to any server, ever. All session data (cookies, localStorage, sessionStorage, IndexedDB snapshots) stays inside your browser's local storage on your own device. There is no telemetry, no analytics, no tracking, no remote sync.

WHAT DATA IS ACCESSED
To provide its core functionality, the extension accesses the following data ONLY on websites you actively visit and ONLY when you explicitly trigger an action (Save, Switch, Restore, Delete):
- Cookies — save and restore login sessions (current site only)
- localStorage — save and restore site state (current tab only)
- sessionStorage — save and restore tab-scoped state (current tab only)
- IndexedDB metadata — save and restore site databases with size caps and skip rules for heavy hosts (Instagram, Twitter, Facebook, etc.)
- Tab URL / domain — determine which site you are on (current active tab only)

WHERE DATA IS STORED
Exclusively in chrome.storage.local / browser.storage.local (your browser's own local storage on your device). Never transmitted to any external server.

THIRD-PARTY SHARING
None. Zero. The extension makes no network requests, no API calls, no analytics pings. The only outbound connection is Google Fonts loaded by the popup UI for typography (read-only request for font files, no user data transmitted).

PIN PROTECTION (OPTIONAL)
If enabled, the PIN is hashed with PBKDF2 (SHA-256, 200,000 iterations, per-install random salt) using the Web Crypto API. The hash is stored locally only. Raw PIN is never stored, logged, or transmitted. Verification uses constant-time comparison.

EXPORT/IMPORT
Backups (JSON or ZIP) are downloaded to your local machine via the browser's standard download mechanism. The extension does not upload backups anywhere. You are responsible for the security of any backup files you create.

PERMISSIONS JUSTIFICATION
- storage: save your session list locally
- unlimitedStorage: cookies + IndexedDB snapshots can exceed default 5 MB quota
- tabs: read current tab URL to determine domain; reload after session switch
- cookies: read and write cookies for session save/restore
- activeTab: access content of the currently active tab when you trigger an action
- scripting: inject code into active tab to read/write storage
- <all_urls>: users save sessions on arbitrary websites of their choosing. On Firefox MV3, this is correctly opt-in: a banner asks for explicit permission only on first use.

CONTACT
GitHub: https://github.com/Erzambayu/sessionns-changerr
Issues: https://github.com/Erzambayu/sessionns-changerr/issues