Document of Record § Chrome Extension Privacy

Chrome Extension Privacy.
In plain language.

The EngineeringID browser extension reads the active tab's URL only when you explicitly click the extension icon. It does not record browsing history, read page content, or track activity across sites.

Version
v1.3
Effective
April 22, 2026
Jurisdiction
Global · GDPR · CCPA
Reading
≈ 3 min
← Main Privacy Notice / Privacy · Browser Extension
§01

Permissions Requested

The extension uses the Chrome activeTab permission, which grants access to the current tab only when you click the extension icon. Access is revoked as soon as you navigate away or close the tab.

  • activeTab — read the URL of the tab you clicked on, so we can pre-fill verification.
  • storage — remember your sign-in token locally (encrypted at rest by Chrome).
  • No host permissions — the extension does not inject scripts into arbitrary sites.
§02

What We Access

When you click the extension icon on a page, the extension reads the current tab's URL so it can offer to verify any EngineeringID seal codes present in the address. It does not read page HTML, DOM content, cookies, local storage, forms, or input fields.

The extension does not activate automatically. No background script reads your browsing.

§03

Local Storage

The extension uses Chrome's storage.local API to persist your authentication session. The token is a short-lived JWT scoped to the extension; it cannot be used to access your account from anywhere else.

§04

Network Requests

The only external endpoint the extension contacts is api.engineeringid.com. All traffic is TLS 1.3. We publish a Content Security Policy in the extension manifest that prevents accidental exfiltration to other hosts.

§05

Removing the Extension

Uninstalling the extension removes all local data. To also invalidate the session server-side, sign out of your EngineeringID account. You can revoke active sessions from Account → Security → Devices at any time.

Other product notices