Legal

Privacy Policy

Last updated: June 23, 2026

The short version: Detection runs entirely in your browser. Nothing leaves your device until you take a deliberate action — activating a paid license, or sealing a forensic record. Simply installing the extension and scanning pages transmits nothing at all; on the free tier, with no license activated, the extension sends nothing off your device. We do not sell or share your browsing data, and we run no third-party analytics. What does leave your device — only after one of those actions — is described in detail below, and it never includes the content of the pages you audit.

This policy explains what the ForensicConsent browser extension and our services do with information. It applies to the extension, the marketing site at forensicconsent.com, and the API and verification services at api.forensicconsent.com and verify.forensicconsent.com.

1. How detection works

ForensicConsent audits the pages you choose for third-party trackers, pixels, chat widgets and session-replay scripts that transmit data before a visitor consents. This audit runs locally inside your browser. The extension observes network activity on the page you are auditing, evaluates it on your device, and shows you the results. Page content and the details of an audit stay on your machine unless you explicitly choose to seal a forensic record on a paid plan (see Section 3). If you never activate a paid license, the extension makes no network requests of its own — your scanning never leaves your device.

2. What we do not do

  • We do not sell or rent your data to anyone.
  • We do not share your browsing data with third parties.
  • We do not run third-party analytics or advertising trackers in the extension.
  • We do not transmit the content of the pages you audit or the detailed audit results.

3. What leaves your device

Only two operations send anything off your device, both are initiated by you, and both send the minimum required. Until you trigger one of them, nothing is transmitted.

(a) Forensic anchoring — paid plans only, when you choose to seal a record

When you explicitly seal a forensic record on a paid plan, the extension sends the following to api.forensicconsent.com:

  • a SHA-256 hash of the audit record (not the record itself);
  • the URL of the page you audited; and
  • a timestamp.

The page content and the detailed audit data stay local. The hash is what makes the record tamper-evident and independently verifiable at verify.forensicconsent.com; it cannot be used to reconstruct the page or its contents.

(b) License activation and validation — paid plans only

When you activate a paid license, the extension sends your license token, a randomly-generated device ID, and your browser's user-agent string to api.forensicconsent.com to validate the license and claim a seat. While a license remains active, the token is re-checked with the server periodically to confirm the license is still valid. The device ID is a random identifier generated on your device; it is not derived from your hardware, a browser fingerprint, or your identity, and the user-agent is the same string your browser already sends to every website you visit.

4. What is stored on your device

The extension uses your browser's local storage (chrome.storage.local) to keep:

  • your license token;
  • your randomly-generated device ID; and
  • your audit history.

This data stays on your own machine. You can clear it at any time by removing the extension's data or uninstalling the extension.

5. Permissions and why we need them

The extension requests only the permissions required to audit pages you choose. Each is used for the stated purpose and nothing else:

  • webRequest — to observe network requests locally so we can detect trackers and pre-consent transmissions.
  • webNavigation — to know when a page you are auditing loads or navigates, so the audit captures the right activity.
  • storage — to keep your license, device ID and audit history on your device (see Section 4).
  • tabs and scripting — to run the audit on the page and tab you choose, including the chat "gotcha" test.
  • alarms — to run scheduled re-audits for paid users.
  • Host access to all sites (<all_urls>) — so you can audit any site you choose. The extension does not act on a page until you ask it to.

6. Data we receive through the services

As described above, our API receives only an audit-record hash, the audited page URL, a timestamp, your license token, your random device ID, and your browser's user-agent string. We use this strictly to provide forensic anchoring and to validate licenses and seats. We do not build advertising profiles and we do not enrich this data with third-party sources.

7. Payments

When you upgrade, you start checkout from inside the extension, which opens our payment processor's secure checkout page in your browser. Payment is handled entirely by that processor, and we do not store your full card details on our servers. This marketing website never handles payments.

8. Children

ForensicConsent is a business tool and is not directed to children under 13. We do not knowingly collect personal information from children.

9. Changes to this policy

If we change this policy, we will update the "Last updated" date above and, where appropriate, note the change. Continued use of the extension after a change means you accept the updated policy.

10. Contact

Questions about this policy or your data? Email cliff@locustware.com.