Privacy Policy

Overview

GenSnitch is designed with privacy as a core principle. We believe your browsing activity is your business—not ours.

Data Collection

We do not collect, store, or transmit any personal data.

GenSnitch operates entirely on your device. The extension analyzes image metadata locally in your browser. No images are ever uploaded to external servers.

Local Processing

All analysis happens locally using:

• EXIF/XMP parsing — Extracts metadata from image files.
• PNG text chunk scanning — Reads embedded generation parameters.
• C2PA/Content Credentials verification — Uses bundled WebAssembly (WASM) to validate digital signatures locally. No external validation services are contacted.

The extension uses wasm-unsafe-eval in its Content Security Policy solely to run the bundled C2PA WebAssembly module. This does not allow loading or executing external code.

Permissions

The extension requests only the minimum permissions necessary:

• contextMenus — To create the right-click menu option.
• activeTab — To access images on the current page when you activate the extension.
• storage — To save analysis reports temporarily.
• scripting — To fetch blob: URLs from page context.
• https://*/* (optional) — Requested on first use to fetch images from websites.

We do not request broad browsing history access or any permissions beyond what's essential.

Third-Party Services

GenSnitch does not integrate with any third-party analytics, tracking, or advertising services. There are no external API calls.

Changes to This Policy

If we update this policy, we'll revise the "Last updated" date above. Material changes will be communicated through the extension's update notes.

Contact

Questions about this policy? Open an issue on GitHub.