← Back to Exposed

Privacy Policy

Last updated: March 13, 2026

What Exposed does

Exposed is a Chrome browser extension that monitors web requests made by the websites you visit. It identifies when your personal data (like your email, IP address, or browsing activity) is being shared with third-party companies. It then shows you this information in a simple popup.

What data Exposed accesses

To do its job, Exposed observes:

• URLs of web requests made by websites you visit
• HTTP headers (specifically Cookie and Referer headers) sent to third parties
• JavaScript API calls on web pages (canvas, WebGL, geolocation) that may indicate device fingerprinting

This information is analyzed entirely on your device and is used only to show you the results in the extension popup.

What Exposed does NOT do

• Does not send any data anywhere. Exposed makes zero network requests. It has no server, no analytics, no telemetry.
• Does not collect or store personal information. Exposed does not record your email, name, browsing history, or any other personal data.
• Does not modify web pages or block requests. Exposed is read-only. It observes and reports but never changes anything.
• Does not share data with third parties. There are no third parties. There is no data to share.

Web browsing activity

To detect data sharing, Exposed observes web browsing activity (URLs, headers, and API calls) on the pages you visit. This observation is the core functionality of the extension and is performed entirely on your device. No browsing activity is transmitted, stored remotely, or shared with anyone.

Local storage

Exposed stores a small amount of data in your browser's local storage (using Chrome's storage.local and storage.session APIs) so that detection results persist while you browse. This data:

• Never leaves your device
• Session data (storage.session) is automatically cleared when you close your browser
• Tab data (storage.local) is cleared when you close or navigate away from tabs, and is replaced on each new browsing session
• All data can be removed at any time by uninstalling the extension

Permissions explained

Exposed requests these Chrome permissions:

• webRequest — to observe (not block) network requests and detect data sharing
• tabs — to know which website you're on, so it can determine which requests are third-party
• storage — to save detection results locally between page loads
• Host permissions (all URLs) — needed to monitor requests on any website, not just specific ones

Open source

Exposed is fully open source. You can read every line of code at github.com/adventurelands/chrome.exposed. If you have concerns about what the extension does, you are welcome to audit the source code yourself or ask someone you trust to review it.

Chrome Web Store User Data Policy

The use of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.