Privacy Policy

Last updated: 2026-06-15

Cipher is built around one principle: your browsing history is yours, and nobody else's — including ours.

No Data Collection

Cipher does not collect, store, or transmit personal data. There are no servers, no analytics, no telemetry, no crash reporters, and no third-party SDKs of any kind.

No Outbound Network Calls

The extension makes zero outbound network requests of its own. Cipher does not download a remote rulelist — every rule ships inside the package and is loaded by Chrome at install time.

How Cipher Works

Cipher uses Chrome's declarativeNetRequest API. The extension declares a set of rules to the browser, and the browser then enforces them inside its network stack. The extension itself does not see the URLs of pages you visit, the contents of those pages, or the requests being matched against its rules.

What Cipher Stores Locally

Three things, in your browser's local extension storage (chrome.storage.local) only:

  1. An on/off boolean — whether Cipher is globally enabled.
  2. Your allowlist — the list of hostnames you've paused (e.g. example.com).
  3. A counter — two integers (today's count, all-time count) of tracking requests Cipher has stripped or blocked. No URLs, hostnames, timestamps per event, or any other detail.

Uninstalling Cipher permanently deletes this data.

Permissions We Use

  • declarativeNetRequest — the core API: lets the extension provide its rule files to Chrome's network engine.
  • declarativeNetRequestFeedback — lets the extension ask Chrome "how many of my rules have matched recently?" so the popup counter works. Only rule IDs and counts are returned — no URLs.
  • storage — persist your settings and allowlist locally.
  • tabs — read the hostname of the active tab so the popup can offer the "Pause on this site" toggle. Only the hostname; not the path, query string, fragment, cookies, or page contents.
  • alarms — a 6-second periodic tick used to refresh the counter.
  • host_permissions: <all_urls> — required by Chrome for declarativeNetRequest redirect actions (URL parameter stripping). Cipher does not use this permission to read page contents or inject scripts.

No Remote Code

All extension code is bundled in the package. The two DNR ruleset files are static JSON inside the package. There is no eval(), no remote script tags, no remote module imports, and no remote configuration endpoint. To change what Cipher blocks, a new version must be published to the Chrome Web Store.

Third Parties

Cipher uses no third-party services, SDKs, analytics, error reporters, or ad networks. The marketing site you're reading uses Cloudflare Web Analytics, a cookieless analytics product that does not track individuals.

Open Source

Every line of code that runs in your browser is published in the public repository at github.com/visionion/cipher under the MIT license. The build script minifies but never obfuscates the code shipped to the Chrome Web Store — both are functionally identical to the source.

Children

Cipher is suitable for all ages and does not knowingly collect information from anyone — including children.

Changes to this Policy

Material changes will bump the Last updated date above and will be published in the repository's commit history.

Contact

Questions or concerns: info@visionion.dev.