Privacy Policy

Last Updated:

This Privacy Policy describes how Safe CA ("we", "our", or "us") handles information when you use the Safe CA browser extension ("Extension").

1. Information We Do NOT Collect

Safe CA does not collect, store, or transmit any of the following:

• Personally Identifiable Information: We do not collect names, email addresses, physical addresses, phone numbers, or any other personal identifiers.
• Browsing History: We do not track or store the websites you visit.
• Wallet Information: We do not access, collect, or store wallet addresses, private keys, seed phrases, or any wallet-related data.
• Transaction Data: We do not collect or store any transaction history or payment information.
• Location Data: We do not collect GPS coordinates, IP addresses, or location information.
• User Activity: We do not monitor clicks, mouse movements, scroll behavior, or keystrokes.
• Personal Communications: We do not access emails, text messages, or chat conversations.
• Analytics or Tracking: We do not use analytics tools, tracking pixels, or any third-party tracking services.

2. Information Stored Locally

All data is stored locally in your browser using Chrome's storage API. This data never leaves your device:

2.1 Watchlist Data

When you add tokens to your watchlist, the following information is stored locally:

• Contract addresses (public blockchain addresses)
• Blockchain network (Ethereum, Solana, etc.)
• Token safety scores and analysis data
• Baseline data for change detection

Storage Location: chrome.storage.sync (synced across your devices if you're signed into Chrome)

2.2 Extension Settings

Your extension preferences are stored locally:

• Auto-scan enabled/disabled
• Badge display preferences
• Dark mode preference
• Notification settings
• Watchlist polling settings
• Alert thresholds
• Custom allowed websites list

Storage Location: chrome.storage.local (device-specific)

2.3 Token Data Cache

To improve performance and reduce API calls, token scan results are temporarily cached locally for 5 minutes:

• Token safety scores
• Risk analysis data
• Market data (price, liquidity, etc.)

Storage Location: chrome.storage.local

Cache Duration: 5 minutes (automatically expires)

3. Information Transmitted to External Services

The extension makes API calls to fetch token safety data. Only public contract addresses are transmitted:

3.1 Contract Addresses

When you scan a token or when the extension detects a contract address, only the public contract address is sent to security analysis APIs:

• GoPlus Labs API (api.gopluslabs.io): Token security audits for EVM chains
• RugCheck API (api.rugcheck.xyz): Solana token analysis
• Honeypot.is API (api.honeypot.is): Honeypot detection
• DexScreener API (api.dexscreener.com): Market data and liquidity information
• Blockchain RPC Endpoints: On-chain data queries (Solana, Ethereum, BSC, Polygon, Base, Arbitrum, Avalanche)

3.2 API Response Data

The APIs return token safety analysis data, which is:

• Processed locally in your browser
• Temporarily cached for 5 minutes to reduce API calls
• Never transmitted to any other service
• Never shared with third parties

4. Website Content Access

The extension reads text content from web pages to detect contract addresses. This is limited to:

• Default Websites: X/Twitter (x.com, twitter.com, mobile.twitter.com)
• Custom Websites: Only websites you explicitly add in the extension settings
• Purpose: Extract contract addresses from page text using pattern matching
• Processing: All processing happens locally in your browser
• Storage: Full page content is never stored or transmitted

Only the detected contract addresses (public blockchain data) are extracted and sent to security APIs for analysis.

5. Permissions Explained

5.1 Storage Permission

Used to store your watchlist, settings, and cache data locally in your browser. No data is transmitted to external servers.

5.2 Alarms Permission

Used to periodically check your watchlist tokens for changes every 5 minutes. This allows the extension to monitor tokens in the background.

5.3 Notifications Permission

Used to send desktop notifications when tokens in your watchlist experience critical changes (liquidity drops, score decreases, etc.). You can disable notifications in settings.

5.4 Context Menus Permission

Used to add a "Scan with Safe CA" option to the right-click menu, allowing you to quickly scan contract addresses you encounter while browsing.

5.5 ActiveTab Permission

Used to access the currently active tab when you use the right-click "Scan" feature. Only accessed when you explicitly trigger the context menu action.

5.6 Scripting Permission

Used to inject content scripts into custom websites you add to your allowed list. This enables contract address detection on websites you choose. Scripts are only injected on websites you explicitly add.

5.7 Tabs Permission

Used to query browser tabs when you add a custom website, so the extension can immediately inject the content script on open tabs without requiring a page refresh.

5.8 Host Permissions (API Endpoints)

Required to make API calls to token security services and blockchain RPC endpoints. These are used exclusively to fetch token safety data. No user data is transmitted beyond the contract address being analyzed.

6. Data Sharing and Third Parties

The only data transmitted is public contract addresses sent to security analysis APIs (GoPlus Labs, RugCheck, Honeypot.is, DexScreener) for token safety analysis, which is the core purpose of the extension.

7. Data Security

All user data is stored locally in your browser using Chrome's secure storage API. The extension:

• Does not maintain any external servers or databases
• Does not have access to your data
• Cannot read your data remotely
• Uses HTTPS for all API communications
• Implements rate limiting to prevent API abuse

8. Children's Privacy

Safe CA is not intended for children under 13 years of age. We do not knowingly collect information from children. If you believe we have inadvertently collected information from a child, please contact us immediately.

9. Data Retention and Deletion

You have full control over your data:

• Watchlist: Stored until you remove tokens or clear the watchlist
• Settings: Stored until you change or reset them
• Cache: Automatically expires after 5 minutes
• Deletion: You can clear all data at any time using the "Clear Cache" and "Clear Watchlist" options in the extension settings

When you uninstall the extension, all locally stored data is automatically deleted by Chrome.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by:

• Updating the "Last Updated" date at the top of this policy
• Posting a notice in the extension (if significant changes occur)

Your continued use of the extension after any changes constitutes acceptance of the updated Privacy Policy.

11. Your Rights

You have the right to:

• Access: View all data stored by the extension in your browser's storage
• Delete: Remove any or all data using the extension's settings
• Control: Enable or disable any feature that processes data
• Uninstall: Remove the extension at any time, which deletes all stored data

12. Contact Us

13. Compliance

Safe CA is designed to comply with:

• Chrome Web Store Developer Program Policies
• General Data Protection Regulation (GDPR) principles
• California Consumer Privacy Act (CCPA) requirements

By using Safe CA, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.