Privacy Policy
Diff Viewer is built on a single principle: your data belongs to you. This document explains exactly what information the extension does and does not collect — in plain language, with no legalese.
Scope & Applicability
This Privacy Policy applies to the Diff Viewer Chrome extension (the "Extension"), version 1.0.0 and all subsequent versions, distributed through the Chrome Web Store.
This policy does not apply to any external websites, services, or tools that you may access while using Chrome. Those are governed by their own respective privacy policies.
What Data We Collect
Specifically, the Extension does not collect:
- Personal identifiers (name, email address, IP address, device ID)
- The text you paste or type into the input panels
- Diff results, comparison history, or output
- Browsing history, tab URLs, or any web page content
- Usage statistics, feature interaction events, or analytics
- Crash reports or error logs sent to any remote service
- Keyboard input beyond what you explicitly type in the panels
- Clipboard contents other than explicit copy actions you trigger
- Any information about your operating system, location, or hardware
How the Extension Works
Diff Viewer is a browser popup extension. Clicking its toolbar icon opens a self-contained popup window that runs entirely within your browser's sandboxed extension process. All text parsing, diff algorithm execution, and result rendering happen locally inside that popup using standard browser JavaScript APIs — no server involvement at any stage.
No content scripts
The Extension does not inject scripts into any webpage you visit. It cannot read, observe, modify, or interact with any page's content, DOM, form data, or network traffic. It is completely invisible to every website you browse.
No background service worker
There is no persistent background process. The Extension is dormant until you open its popup, and it stops all activity the moment you close the popup window.
No external resources at runtime
Every asset — HTML, CSS, JavaScript, and icons — is bundled within
the extension package itself and served from the
chrome-extension:// origin. No fonts, scripts, images,
or data are fetched from the internet at runtime.
script-src 'self'; object-src 'self') is enforced by
Chrome at the browser level. It is architecturally impossible for the
Extension to load external scripts or make unauthorised network
requests — even if the source code attempted to do so.
Permissions Explained
The Extension declares exactly two permissions in its
manifest.json: clipboardWrite and
storage. Below is a precise, line-by-line account of why
each permission exists, what browser API it enables, and what it
explicitly cannot do.
Permissions that are requested
| Permission | Exact purpose in this extension | Sends data externally? | User-initiated only? |
|---|---|---|---|
| clipboardWrite |
Powers the Copy button present in each input
panel. When you click a Copy button, the content of that
panel is written to your system clipboard using the
navigator.clipboard.writeText() API, with a
document.execCommand('copy') fallback for
contexts where the Async Clipboard API is unavailable.
The Extension never writes to the clipboard automatically, on a timer, in the background, or without a direct, explicit button click from you. Nothing is appended, modified, or monitored in your clipboard at any other time. |
Never | Always |
| storage |
Enables use of chrome.storage.session — a
session-scoped storage area introduced in Chrome 102 that
is local to your device, held only in
memory for the duration of your browser session, and
never synced to Chrome Sync, Google's
servers, or any third party.
The Extension stores only two string values under the keys dv_text_left and
dv_text_right — the text from your Original
and Modified panels — so that your work is preserved if
you close and reopen the popup during the same browser
session. This data is erased automatically when the
browser is closed.
The Reset button calls chrome.storage.session.remove() to
immediately delete both keys on demand. The
Clear button overwrites both keys with
empty strings, also removing your text immediately.
Neither action sends any data anywhere.
|
Never | Auto on input |
storage and not sessionStorage?
The browser built-in sessionStorage is cleared every time
a Chrome extension popup closes, making it unsuitable for preserving
text across popup reopens within the same browser session.
chrome.storage.session solves this problem: it persists
for the lifetime of the browser session (not just the popup),
is cleared when the browser closes, and — critically — is
never synced to any external server, unlike
chrome.storage.sync which the Extension does
not use.
Permissions the Extension does not request
The following table lists sensitive Chrome permissions that are
not declared in the Extension's manifest. Their
absence is verifiable by inspecting
manifest.json directly.
| Permission | What it would allow | Requested? |
|---|---|---|
| clipboardRead | Reading the contents of your clipboard without you pasting | Not requested |
| tabs | Reading tab URLs, titles, and switching tabs programmatically | Not requested |
| activeTab | Accessing the content or URL of the currently active tab | Not requested |
| history | Reading or modifying your browser history | Not requested |
| cookies | Reading or writing cookies for any domain | Not requested |
| identity | OAuth sign-in or Google account access | Not requested |
| webRequest | Intercepting or modifying network traffic | Not requested |
| notifications | Sending system-level desktop notifications | Not requested |
| <all_urls> | Accessing the content of all websites you visit | Not requested |
| geolocation | Accessing your physical location | Not requested |
Local & Session Storage
The Extension uses one storage mechanism:
chrome.storage.session. This section explains exactly
what is stored, where it lives, how long it persists, and how you
can delete it at any time.
chrome.storage.session
dv_text_left — text from the Original paneldv_text_right — text from the Modified panel
chrome.storage.session data is automatically
wiped by Chrome when the last browser window closes.
chrome.storage.session is
strictly local and in-memory. It is never uploaded to Chrome
Sync, Google's servers, or any third-party service.
1. Click the Reset button — calls
chrome.storage.session.remove() to delete both keys.2. Click the Clear button — overwrites both keys with empty strings.
3. Close all Chrome windows — Chrome automatically purges all session storage on browser exit.
chrome.storage.session on your
local device. While this Extension never transmits that data
anywhere, you are responsible for the physical security of your
device and for using the Reset or Clear buttons when working with
sensitive content on a shared computer.
Third Parties
Diff Viewer does not integrate with, communicate with, or share any data with any third party, including:
- Analytics providers (Google Analytics, Mixpanel, Amplitude, Plausible, etc.)
- Crash reporting services (Sentry, Bugsnag, Datadog, Rollbar, etc.)
- Advertising networks, ad exchanges, or remarketing platforms
- Data brokers or data enrichment services
- Cloud storage or file sync services
- AI or machine-learning APIs of any kind
- Any API endpoints, webhooks, or remote servers of any description
Every resource the Extension uses — HTML, CSS, JavaScript, and icon
images — is bundled inside the extension package at install time and
served from the chrome-extension:// origin. No external
CDN, font service, or image host is contacted at any point.
Children's Privacy
Diff Viewer does not collect personal information from anyone — including children under the age of 13, or the applicable age of digital consent in your jurisdiction. Because no data is collected at all, there is no special-case handling required for younger users: the same zero-data guarantee applies universally regardless of age.
Changes to This Policy
If a future version of the Extension introduces features that change how data is handled — even locally — this Privacy Policy will be updated before that version is published to the Chrome Web Store. The "Effective" date at the top of the page and the changelog below will reflect every revision. Privacy policy subject to change at any time.
We will never introduce functionality that collects, transmits, or shares your data with third parties without clear disclosure, updated documentation, and — where required by law — explicit user consent.
clipboardWrite, storage
(session-scoped only). Replaced browser
sessionStorage with
chrome.storage.session for cross-popup
persistence. Removed previously planned
clipboardRead permission.
Contact
If you have questions, concerns, or feedback about this Privacy Policy or the Extension's behaviour, please get in touch through any of the channels below.
Diff Viewer Support
📧 Email: e8013585@gmail.com
🐛 Issues & Source Code: github.com/e8013585/diff-viewer
🌐 Chrome Web Store: View on Chrome Web Store