Privacy Policy

BiniGuard runs entirely on your device. It does not collect, transmit, or share any browsing data, URLs, statistics, or personal information with any server operated by Biniru Projects or any third party.

Data that stays on your device

• URLs of pages you visit — checked locally against the blocklist. Never logged, never transmitted.
• Threat counter — a number of how many threats BiniGuard blocked, used only to display in the popup.
• User-configurable settings — whitelist, sensitivity preference. Stored in browser.storage.local.

Data that BiniGuard downloads

• Public phishing blocklists from PhishTank, OpenPhish, and Phishing Army — downloaded periodically by the extension as normal HTTP requests to the public list providers. We do not proxy or modify these lists.

No analytics, no telemetry, no accounts

• No usage statistics are sent anywhere.
• No crash reports are sent automatically.
• No account or sign-in required.
• No advertising IDs collected.

Permissions explained

• tabs + webNavigation — needed to check the URL of pages you load against the blocklist.
• <all_urls> — needed because phishing can happen on any domain.
• storage — stores your whitelist and threat counter locally in your browser.
• alarms — triggers periodic blocklist refresh.

Tip / donations

The optional tip jar opens an external page in a new tab. We do not see who clicks it. If you make a donation, the payment processor specified on that page handles your data under its own privacy policy.

Open source

BiniGuard is open source. Source code is unminified and reviewable. Network behavior described above can be verified by reading lib/blocklist-manager.js — the only file in the extension that makes network requests.

Changes to this policy

If we ever change what data is stored or transmitted, this page will be updated and the change will be announced in the extension release notes. We will not introduce telemetry or remote configuration as a silent change.