ShieldMap Privacy Policy

In short

ShieldMap runs entirely in your browser. Blocking, the live request graph, the Global Privacy Control (GPC) implementation and every other feature you see all operate on-device. No request data, no graph data, no GPC state and no record of your browsing ever leaves your device for a ShieldMap server, because there are no ShieldMap servers in this version of the extension. The only outbound calls the extension makes are anonymous fetches to easylist.to to refresh the public tracker-domain lists that drive blocking.

What ShieldMap does on your device

Every feature you interact with runs on your device only. Nothing about the pages you visit, the requests they make, or how you configure the extension is sent to a server we operate.

  • Tracker blocking uses Chrome's declarativeNetRequest engine with rule lists compiled from public sources. Match decisions happen inside Chrome, with no callback to us.
  • The live request graph is built from the webRequest observer in your browser and stored in memory for the current tab. It is rendered in the popup and discarded when the tab closes.
  • Global Privacy Control attaches the Sec-GPC: 1 header to outbound requests and exposes the corresponding JavaScript property to pages, both via mechanisms that run entirely inside your browser. Per-host opt-outs and Cloudflare Turnstile compatibility carve-outs are evaluated on-device.
  • Settings, the CDN allowlist, the per-host GPC list, the Turnstile compatibility list and your consent state are kept in chrome.storage. See Preference sync for how Chrome itself replicates these to your other signed-in browsers — we never see that data.

External network calls

ShieldMap makes outbound network calls to exactly two URLs, both third-party-maintained public tracker lists:

  • https://easylist.to/easylist/easylist.txt
  • https://easylist.to/easyprivacy.txt

These requests run approximately once every 24 hours. Each request carries only an If-Modified-Since header so that nothing is re-downloaded when the upstream list has not changed. No cookies, no extension identifier, no user account, no per-install token and no data about your browsing are attached. Every ShieldMap install issues an identical request.

ShieldMap does not operate easylist.to and has no visibility into easylist.to's own logging or retention. Their terms are published at easylist.to/pages/license.html. If you wish to avoid even this anonymous contact, disable the extension; uninstalling stops the fetch immediately.

There are no ShieldMap servers in this version of the extension. No other host is contacted by extension code.

What we do not collect or do

ShieldMap never collects, stores, transmits or runs any of the following:

  • Full URLs of pages you visit
  • Page titles
  • Search queries
  • Page contents or form fields
  • IP addresses
  • Device identifiers
  • User-agent strings
  • Cookies or local storage from sites you visit
  • Mouse, keyboard or scroll behaviour
  • Account identifiers — there are no accounts
  • Advertising identifiers
  • Fingerprints or device characteristics
  • No analytics SDKs
  • No error-reporting SDKs
  • No remote logging
  • No outbound diagnostics of any kind
  • No third-party trackers in the extension itself
  • Any other personally identifying information

ShieldMap is not funded by, and does not share data with, any advertiser, data broker or analytics vendor. We do not sell data, because we do not receive data. There is no third party with access to your information because no information is transmitted.

Preference sync

ShieldMap stores your preferences — GPC mode, per-host GPC opt-outs, the Turnstile compatibility list, the CDN allowlist and your consent state — using Chrome's standard chrome.storage.sync area. If you are signed in to Chrome and have sync enabled, Chrome will replicate these preferences across your other Chrome instances signed in to the same Google account.

That replication is handled entirely by Google as part of Chrome's built-in sync feature, under Google's terms and privacy policy. ShieldMap has no access to the synced data, no key, no callback and no copy on any server. We mention this only so you know that turning on Chrome sync will cause your ShieldMap preferences to follow you to other browsers — the data still never reaches us. If you do not want this replication, disable Chrome sync, or use the chrome.storage.local-only build (the per-feature opt-out is available from the Options page).

Permissions we request

Each permission in our Chrome Web Store listing maps to a feature you can see in the extension.

Permission justification
Permission Why we need it
<all_urls> Required so the request graph and tracker blocking can apply on every site you visit; without it ShieldMap would only see traffic on a hard-coded short list of hosts, which defeats the purpose.
webRequest Observes outbound requests so the popup can draw the live request graph and so the extension can flag tracker behaviour. The observer runs locally; nothing is forwarded off-device.
declarativeNetRequest Used to block tracker requests and to attach the Sec-GPC: 1 header on hosts where you have GPC enabled. Rules are evaluated by Chrome, not transmitted to us.
storage Stores your settings, GPC state, CDN allowlist, Turnstile compatibility list and consent state on-device. Preferences sync across your signed-in Chrome instances via the standard chrome.storage.sync mechanism (see Preference sync).
tabs Used to scope the request graph to the active tab and to clear the graph when a tab closes. Tab URLs are read in-memory and never transmitted.
scripting Required to inject the GPC content script into pages and to update its per-host exclusion list when you opt a host out.
alarms Schedules the daily refresh of the public tracker lists from easylist.to.

Your rights

You have the following rights regardless of where you live; we honour the stricter of the rules that apply to you.

GDPR (EU / EEA / UK)

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction
  • Right to object
  • Right to data portability
  • Right to withdraw consent at any time
  • Right to lodge a complaint with your supervisory authority

CCPA / CPRA (California)

  • Right to know what we hold
  • Right to delete
  • Right to opt out of sale or sharing — we do neither
  • Right to correct
  • Right to limit use of sensitive information — we collect none
  • Right to non-discrimination for exercising any right

Because we do not receive any data about you, we do not hold any personal information to access, rectify, restrict, port, erase or sell. The most direct way to exercise the right to erasure is to uninstall the extension or use Chrome's Clear browsing data → Hosted app data, which removes everything ShieldMap has stored on your device. If Chrome sync is enabled, that deletion will also propagate through Google's sync infrastructure to your other signed-in browsers.

To exercise any of these rights, contact privacy@shieldmap.io. We will respond within 30 days.

Retention & deletion

Where each kind of data lives and for how long
Data Location Retention Deletion
Block decisions, settings, GPC state, CDN allowlist, Turnstile compatibility list, consent state Your device, via chrome.storage.sync (replicated by Chrome to your other signed-in browsers if Chrome sync is on) Until you uninstall or clear Uninstall the extension, or use Chrome's Clear browsing data → Hosted app data.
Live request graph for the current tab In memory only Until tab closes Closing the tab discards it; closing the browser discards everything.
Cached tracker lists from easylist.to Your device only Refreshed every ~24h Removed on uninstall.

There are no server-side records to delete because the extension does not transmit anything to a server we operate.

Future versions

A future version of ShieldMap may introduce an opt-in, aggregate, privacy-preserving feature that contributes anonymised tracker observations to a community blocklist using irreversible hashing and differentially-private aggregation. No such feature is present in this version of the extension.

If we ever ship that feature, it will arrive with: a new version of this policy that describes exactly what is transmitted before you can enable it; a fresh in-product consent step that is off by default and cannot be enabled by silent update; and a re-certification of the extension on the Chrome Web Store Developer Dashboard. Until then, this v2.0 policy is the complete description of what ShieldMap does.

Changes to this policy

We will update this policy when the practices it describes change. The Effective date and Version at the top of this page always reflect the current revision. Material changes — anything that broadens what we collect, store or transmit — will trigger an in-product notice and, where consent is required, a fresh consent step that is off by default. You do not lose any feature for declining a new prompt; you simply continue under the previous terms.

Cosmetic and clarifying edits are recorded in the version history but do not require re-consent.