Legal

Privacy Policy

How ThreatLens handles your data — clearly and without the legalese.

Effective Date: April 15, 2026

Our Commitment ThreatLens is built to protect you online. We collect only the minimum data necessary for real-time threat detection. We do not sell your data — ever. No exceptions.

Section 01

Overview

ThreatLens analyzes websites you visit to detect phishing, malware, and unsafe pages in real time. By installing and using this extension, you agree to the terms described in this policy.

Section 02

What Data We Collect

The following signals are collected automatically when you visit a page:

Data Point Why We Need It
Current Website URL (origin only) Transmitted securely to evaluate domain reputation
HTTPS Status Used as a security indicator
Form / iframe / script counts Detect phishing structure patterns
Keyword count Identify suspicious content signals
Page title Displayed in the extension UI only

We do not collect any of the following:

Full URLs (paths or query params)
Browsing history
Form inputs or passwords
Personal data or identity

Section 03

How We Transmit & Use Data

To provide real-time threat detection, your active tab's URL and structural signals are securely transmitted over HTTPS to our analysis server:

HTTPS https://threatlens-api.vercel.app/predict

Strict No-Retention Policy: We operate on a "scan and forget" basis. Data required to generate your security risk score is processed in memory and immediately discarded after the API responds. We do not log, retain, or store the URLs you visit or your browsing history on our servers.

Section 04

Third-Party Services

ThreatLens uses the following third-party services to operate:

Vercel (API hosting) Google Gemini API (explanations only)

No personal data is transmitted to third-party services. The Gemini API is used solely to generate human-readable threat explanations and does not receive browsing data tied to your identity.

Section 05

Data Storage

We do not store any user data on our servers. Temporary analysis results may be cached locally in your browser's extension storage to avoid redundant requests — this data never leaves your device.

Section 06

Permissions

ThreatLens requires access to web pages you visit in order to analyze potential threats in real time. This includes all HTTP and HTTPS sites. No permission is used beyond what is strictly necessary for threat detection.

Section 07

Security

All communication between the extension and our servers is encrypted via HTTPS
No credentials, passwords, or form data are ever collected
No cross-site tracking or browser fingerprinting of any kind

Section 08

Your Control

You are in complete control. You can disable or uninstall ThreatLens at any time via Chrome Settings → Extensions. No account is required, and uninstalling removes all locally cached data immediately.

Section 09

Contact

Questions about this policy? We're happy to clarify anything.

Email
khatrihardik148@gmail.com