-
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathPRIVACY.html
More file actions
430 lines (303 loc) · 12.8 KB
/
PRIVACY.html
File metadata and controls
430 lines (303 loc) · 12.8 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
# Privacy Policy for FireFlag
**Last Updated:** February 4, 2026
**Effective Date:** February 4, 2026
**Version:** 1.0.0
## Introduction
FireFlag is a Firefox browser extension that helps users safely manage browser flags (about:config settings, experimental features, and developer flags). This privacy policy explains what data FireFlag collects, how it's used, and your rights regarding your data.
**TL;DR:** FireFlag stores all data locally on your device. We do not collect, transmit, or share any personal information. We do not use analytics, tracking, or telemetry.
## Developer Information
- **Extension Name:** FireFlag
- **Developer:** Jonathan D.A. Jewell
- **Contact:** j.d.a.jewell@open.ac.uk
- **Source Code:** https://github.com/hyperpolymath/fireflag
- **License:** MPL-2.0 (Mozilla Public License 2.0)
## Data Collection and Storage
### What Data is Stored Locally
FireFlag stores the following data **locally on your device only** using Firefox's browser.storage API:
1. **Flag States**
- Which flags you have enabled/disabled
- Current flag values
- Last modified timestamps
2. **Change History** (if tracking enabled)
- Before/after values when you toggle flags
- Timestamps of changes
- Performance metrics at time of change
3. **User Preferences**
- Auto-update settings
- UI preferences (compact view, safety badges, etc.)
- Permission grants
- Export format preferences
4. **Flag Database**
- Local copy of the flag database (105+ Firefox flags)
- Flag metadata (descriptions, safety levels, effects)
- Version information
**Storage Location:** All data is stored using `browser.storage.local` API, which keeps data on your device in Firefox's profile directory.
### What Data is NOT Collected
FireFlag does **NOT** collect, store, or transmit:
- ❌ Personal identifying information (name, email, IP address)
- ❌ Browsing history or website URLs
- ❌ Search queries or form data
- ❌ Cookies or authentication tokens
- ❌ System information (OS, hardware specs)
- ❌ Analytics or telemetry data
- ❌ Crash reports or error logs
- ❌ User behavior patterns
- ❌ Any data that leaves your device
## Network Activity
### Automatic Database Updates
When auto-update is enabled (default), FireFlag checks for database updates:
- **Frequency:** Weekly (Sundays at midnight UTC)
- **Source:** GitHub Releases API (https://api.github.com/repos/hyperpolymath/fireflag/releases/latest)
- **Data Sent:** Standard HTTP request headers (User-Agent, Accept)
- **Data Received:** Version number and download URL only
- **IP Logging:** GitHub may log IP addresses per their privacy policy
**You can disable auto-updates** in Settings → General → Auto-Update.
### Manual Database Updates
When you manually check for updates:
- Same process as automatic updates
- Triggered by user action only
- Can be disabled entirely
### No Analytics or Tracking
FireFlag does **NOT**:
- Use Google Analytics or similar services
- Track user behavior
- Send telemetry data
- Phone home for any reason except database updates
- Include third-party scripts or trackers
## Permissions and Data Access
### Required Permissions
FireFlag requests these Firefox permissions:
1. **`storage`** (Required)
- **Purpose:** Store flag states and user preferences locally
- **Data Access:** Your flag configurations and settings
- **Scope:** Local device only
### Optional Permissions
These permissions are requested **only when you enable specific flags**:
1. **`browserSettings`** (Optional)
- **Purpose:** Modify browser settings when you enable certain flags
- **Requested When:** You toggle a flag affecting browser settings
- **Can Be Revoked:** Yes, anytime in Firefox permissions
2. **`privacy`** (Optional)
- **Purpose:** Modify privacy-related flags
- **Requested When:** You toggle a privacy flag
- **Can Be Revoked:** Yes, anytime
3. **`tabs`** (Optional)
- **Purpose:** Display active flags in DevTools panel
- **Requested When:** You open DevTools panel
- **Data Access:** Current tab URL (not stored or transmitted)
- **Can Be Revoked:** Yes, anytime
4. **`notifications`** (Optional)
- **Purpose:** Show notifications for database updates
- **Requested When:** You enable update notifications
- **Can Be Revoked:** Yes, anytime
5. **`downloads`** (Optional)
- **Purpose:** Export flag reports as JSON/CSV
- **Requested When:** You export data
- **Can Be Revoked:** Yes, anytime
### Permission Transparency
FireFlag implements **granular permission requests**:
- Permissions are requested **only when needed**
- Each permission shows **what it enables**
- You can **review and revoke** permissions anytime
- The extension explains **why each permission is requested**
## Data Sharing and Third Parties
### No Data Sharing
FireFlag does **NOT** share your data with:
- ❌ Third-party services
- ❌ Analytics providers
- ❌ Advertising networks
- ❌ Data brokers
- ❌ The developer (us)
- ❌ Mozilla (except standard extension metadata)
### Third-Party Services Used
FireFlag interacts with these external services:
1. **GitHub** (for database updates)
- **URL:** https://api.github.com
- **Data Sent:** Standard HTTP headers
- **Privacy Policy:** https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement
- **Purpose:** Check for database updates
- **Opt-out:** Disable auto-updates in settings
2. **Mozilla Add-ons** (for extension updates)
- **URL:** https://addons.mozilla.org
- **Data Sent:** Extension ID, version number
- **Privacy Policy:** https://www.mozilla.org/privacy/firefox/
- **Purpose:** Update the extension itself
- **Opt-out:** Disable auto-updates in Firefox settings
**Note:** FireFlag does not control these third-party services. Please review their privacy policies.
## Data Retention
### Local Data
- **Stored:** Until you uninstall the extension or clear Firefox data
- **Deletion:** Automatically deleted when extension is removed
- **Manual Deletion:** Settings → Clear All Data button
### Exported Data
When you export flag reports:
- **Stored:** On your device in Downloads folder
- **Retention:** Your responsibility to delete
- **Content:** Flag states, change history, performance metrics (no personal data)
## Your Privacy Rights
### Access and Control
You have complete control over your data:
1. **View Data**
- Open DevTools → Application → Storage → Extension Storage
- View all stored flag states and preferences
2. **Export Data**
- Sidebar → Export tab → Download as JSON/CSV
- Portable format you can review
3. **Delete Data**
- Per-flag: Click "Reset to Default"
- All data: Settings → Advanced → Clear All Data
- Complete removal: Uninstall extension
4. **Manage Permissions**
- Firefox → Add-ons → FireFlag → Permissions
- Revoke any optional permission
### No Account Required
FireFlag does **NOT** require:
- Account creation
- Registration
- Login credentials
- Email address
- Personal information
## GDPR Compliance (EU Users)
FireFlag complies with GDPR because:
1. **No Personal Data Processing**
- All data stored locally
- No profiling or automated decision-making
- No data transfer outside EU (all local)
2. **Data Minimization**
- Only essential data stored
- No excessive data collection
3. **User Control**
- Full access to your data
- Easy export and deletion
- Transparent processing
4. **No Consent Required**
- GDPR requires consent for personal data processing
- FireFlag doesn't process personal data
- All storage is local and user-initiated
### Your GDPR Rights
Even though FireFlag doesn't collect personal data, you have these rights:
- ✅ **Right to Access:** View all data in browser storage
- ✅ **Right to Rectification:** Edit flag states anytime
- ✅ **Right to Erasure:** Delete all data or uninstall
- ✅ **Right to Data Portability:** Export as JSON/CSV
- ✅ **Right to Object:** Disable features or uninstall
## CCPA Compliance (California Users)
FireFlag complies with CCPA:
1. **No Sale of Personal Information**
- FireFlag does **NOT** sell personal information
- We don't collect personal information to sell
2. **No Sharing with Third Parties**
- All data stays on your device
- No third-party data sharing
3. **Opt-Out Rights**
- Not applicable (no data collection to opt out of)
- Can disable all network activity (auto-updates)
## Children's Privacy
FireFlag does not:
- Target children under 13
- Knowingly collect data from children
- Require age verification (no accounts)
FireFlag is safe for all ages because it collects no personal data.
## Data Security
### Local Storage Security
- **Encryption:** Firefox encrypts browser.storage data
- **Access Control:** Only FireFlag can access its storage
- **Isolation:** Separate from other extensions and websites
### Code Security
- **Open Source:** All code publicly auditable on GitHub
- **Security Scanning:** Automated security analysis (Svalin, Vordr, Selur)
- **No Minification:** Source code is readable
- **Reproducible Builds:** Verifiable build process
### No Server-Side Risk
- **No Backend:** No servers to hack
- **No Database:** No central storage to breach
- **No Cloud:** Nothing stored in the cloud
- **Local Only:** All data on your device
## Changes to Privacy Policy
### Notification of Changes
We will notify you of privacy policy changes by:
1. Updating the "Last Updated" date at the top
2. Publishing changes on GitHub
3. Including in extension update notes (for major changes)
### Material Changes
If we make material changes (e.g., start collecting data):
- We will request new permissions
- Firefox will prompt you to approve
- You can decline and continue using the old version
### Version History
Privacy policy versions are tracked on GitHub:
https://github.com/hyperpolymath/fireflag/commits/main/PRIVACY.md
## Open Source Transparency
FireFlag is fully open source:
- **Source Code:** https://github.com/hyperpolymath/fireflag
- **License:** MPL-2.0 (Mozilla Public License 2.0)
- **Auditing:** Anyone can review the code
- **Issues:** Report privacy concerns on GitHub
### Build Reproducibility
FireFlag uses reproducible builds:
- Anyone can verify the published extension matches the source code
- Build instructions in repository
- No hidden code or telemetry
## Contact and Questions
### Privacy Questions
For privacy-related questions:
- **Email:** j.d.a.jewell@open.ac.uk
- **GitHub Issues:** https://github.com/hyperpolymath/fireflag/issues
- **Response Time:** Within 7 days
### Data Requests
To exercise your privacy rights (though not needed for local data):
- **Access:** Use DevTools or export feature
- **Deletion:** Use "Clear All Data" or uninstall
- **Questions:** Email above address
### Security Vulnerabilities
To report security issues:
- **Email:** j.d.a.jewell@open.ac.uk (GPG key available on request)
- **GitHub:** Security tab (private disclosure)
- **Bug Bounty:** None currently
## Mozilla Add-ons Privacy
FireFlag is distributed through Mozilla Add-ons:
- **Mozilla Privacy Policy:** https://www.mozilla.org/privacy/firefox/
- **Add-ons Policy:** https://extensionworkshop.com/documentation/publish/add-on-policies/
- **Data Collected by Mozilla:** Extension ID, download count, ratings (not linked to users)
Mozilla may collect:
- Extension installation/update events
- Crash reports (if Firefox crash reporting enabled)
- General usage statistics (opt-in)
**This is separate from FireFlag** - we don't receive this data.
## Commitment to Privacy
**Our Promise:**
1. We will **never** collect personal data
2. We will **never** sell or share your data
3. We will **never** add analytics or tracking
4. We will **always** store data locally
5. We will **always** be transparent about changes
**If we ever violate these promises:**
- We will immediately notify all users
- We will request new permissions
- You can decline and keep using the old version
- You can report violations to Mozilla
## Legal Basis (GDPR)
FireFlag's data processing is based on:
- **Legitimate Interest:** Provide extension functionality
- **User Consent:** Explicit permission grants for optional features
- **Contract Performance:** Not applicable (no terms of service)
Since all processing is local and user-initiated, no additional legal basis is required.
## International Data Transfers
**Not applicable** - all data stored locally on your device.
## Automated Decision-Making
FireFlag does **NOT** use:
- Profiling
- Automated decision-making
- Machine learning on user data
- Behavioral analysis
## License
This privacy policy is licensed under CC BY-SA 4.0:
https://creativecommons.org/licenses/by-sa/4.0/
You may share and adapt this policy with attribution.
---
**Last Updated:** February 4, 2026
**Effective Date:** February 4, 2026
**Version:** 1.0.0
**FireFlag Privacy Policy**
Copyright (C) 2026 Jonathan D.A. Jewell
Licensed under CC BY-SA 4.0