PRIVACY POLICY

PRIVACY POLICY — CLICK WITH CONFIDENCE BROWSER EXTENSION

Last updated: May 25, 2026

Effective date: May 25, 2026

 

1. INTRODUCTION AND IDENTITY

 

Click With Confidence ("we," "us," "our") is a nonprofit organization operating the Click With Confidence browser extension ("the Extension"). Our mission is to protect seniors and vulnerable individuals from email phishing scams and fraud.

Website: clickwithconfidence.org

Contact: info@clickwithconfidence.org

Extension name: Click With Confidence

Available on: Google Chrome Web Store

This Privacy Policy explains exactly what data our Extension accesses, what we do with it, what we do not do with it, and what rights you have. By installing or using the Extension, you agree to this policy.

 

2. SCOPE OF THIS POLICY

 

This policy applies to:

The Click With Confidence Chrome browser extension

The backend scanning service operated at click-with-confidence-api.onrender.com

Any interaction between your browser and our servers

This policy does not apply to third-party websites you may visit, including Gmail, Outlook, or Yahoo Mail, which have their own privacy policies.

 

3. WHAT PERMISSIONS WE REQUEST AND WHY

 

Our Extension requests the following Chrome permissions. We explain the exact reason for each:

activeTab — Required to read the content of the email you currently have open, but only when you click Scan or when automatic mode is enabled. We never access tabs you are not actively using.

storage — Required to save your preferences locally on your device, specifically your chosen mode (Manual or Automatic) and your alert threshold setting. This data never leaves your device.

scripting — Required to inject our content reader script into Gmail, Outlook, and Yahoo Mail pages so we can extract the email text you want scanned.

notifications — Required to display a pop-up alert on your screen when automatic mode detects a suspicious email above your chosen threshold.

host permissions for mail.google.com, outlook.live.com, outlook.office.com, outlook.office365.com, mail.yahoo.com — Required to allow our content script to run on these email provider pages. We only read email content when explicitly triggered by you or by automatic mode. We do not read, access, or transmit any other data from these pages.

We do not request access to your browsing history, bookmarks, passwords, or any other browser data.

 

4. WHAT DATA WE ACCESS

 

When you scan an email, our Extension reads the following from the currently open email only:

The email body text

The email subject line

The sender's email address

We access this data only at the moment of scanning. We do not access your inbox list, other emails, attachments, contacts, calendar, or any other information.

We do not collect:

Your name

Your personal email address

Your Google, Microsoft, or Yahoo account information

Your login credentials or passwords

Your IP address

Your location

Any payment information

Any browsing history outside of email provider pages

No account creation or sign-in of any kind is required to use our Extension.

 

5. HOW WE USE YOUR DATA — LIMITED USE POLICY

 

We strictly comply with the Chrome Web Store User Data Policy, including the Limited Use requirements.

The email content accessed by our Extension is used for one purpose and one purpose only: to analyze whether the email you are currently viewing appears to be a phishing attempt or scam, and to return a risk score and plain-English explanation to you.

We do not:

Store or log your email content on our servers

Share your email content with any third party except as described in Section 6

Sell your data under any circumstances

Use your data for advertising or marketing purposes

Use your data to build user profiles

Transfer your data to data brokers

Use your data for any purpose unrelated to providing the email scanning feature

Allow humans to read your email content except in aggregated, anonymized form for security research with your explicit consent

Email content is transmitted to our server over an encrypted HTTPS connection, analyzed immediately, and discarded. It is never written to a database or log file.

 

6. THIRD PARTY SERVICES

 

Google Gemini API

Our scanning service uses the Google Gemini API to perform AI-powered phishing analysis. When you scan an email, the email text, subject line, and sender address are transmitted to Google's Gemini API for processing.

Under Google's free-tier API terms, data submitted through the free tier may be used by Google to improve their AI models. We have no control over Google's handling of this data once it is transmitted to their API.

Google's Privacy Policy: policies.google.com/privacy Google's API Terms of Service: ai.google.dev/terms

We are working toward upgrading to a paid API tier, under which Google's data training clause does not apply. We will update this policy when that transition is complete.

Render (Backend Hosting)

Our backend server is hosted on Render (render.com). Render may retain standard server access logs including timestamps and HTTP status codes. These logs do not contain email content. Render's privacy policy can be found at render.com/privacy.

 

7. DATA RETENTION

 

We retain no email content whatsoever. The moment a scan is complete and the result is returned to your browser, the email text is gone from our systems.

The only data stored is:

On your device only: your mode preference and alert threshold, stored via Chrome's local storage API

On Render's servers: standard HTTP access logs containing timestamps and status codes only, no email content

 

8. DATA SECURITY

 

All data transmitted between your browser and our server is encrypted using HTTPS/TLS. We do not store email content in any database, file, or log. Our server does not write email content to disk at any point during processing.

 

9. CHILDREN'S PRIVACY

 

Our Extension is not directed at children under the age of 13. We do not knowingly collect any personal information from children under 13. If you believe a child has used our Extension and you have concerns, please contact us at info@clickwithconfidence.org.

 

10. YOUR RIGHTS AND CHOICES

 

Because we do not store any personal data tied to your identity, most traditional data rights (access, deletion, portability) are not applicable — there is simply nothing stored about you to retrieve or delete.

You may at any time:

Uninstall the Extension, which removes all locally stored preferences from your device

Switch from Automatic mode to Manual mode to have full control over when any email content is transmitted

Contact us at info@clickwithconfidence.org with any privacy concern and we will respond within 5 business days

If you are located in the European Union, United Kingdom, or California, you may have additional rights under GDPR, UK GDPR, or CCPA respectively. Because we do not store personal data, these rights are satisfied by design. For any questions, contact info@clickwithconfidence.org.

 

11. COMPLIANCE WITH CHROME WEB STORE POLICIES

 

We certify the following in accordance with Google's Chrome Web Store Developer Program Policies:

We only request permissions that are necessary for our Extension's core functionality

We do not use email content for any purpose other than providing the phishing detection feature to the user

We do not sell user data

We do not use user data for advertising

We comply with the Limited Use Policy for data obtained through Chrome extension APIs

We provide this prominent privacy policy disclosing all data collection and use

 

12. CHANGES TO THIS POLICY

 

If we make material changes to this Privacy Policy, we will update the "Last updated" date at the top of this page and, where appropriate, notify users through the Extension itself. Continued use of the Extension after changes are posted constitutes acceptance of the updated policy.

We encourage you to review this policy periodically.

 

13. CONTACT US

 

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Click With Confidence Email: info@clickwithconfidence.org Website: clickwithconfidence.org

We are committed to resolving any privacy concerns promptly and transparently.

 

14. GOVERNING LAW

This Privacy Policy is governed by the laws of the United States. Any disputes arising under this policy shall be resolved in accordance with applicable federal and state law.

Click With Confidence is a nonprofit organization. We are not affiliated with, endorsed by, or sponsored by Google, Gmail, Microsoft, Outlook, Yahoo, or any other third-party service mentioned in this policy.