Privacy Policy

Foil Security Suite is built on a single principle: your data is yours. This policy describes exactly what each product collects, stores, and transmits — which is as little as possible.

FoilGuard (Chrome / Firefox extension)

What FoilGuard does not do:

  • It does not send your browsing history anywhere.
  • It does not create an account or require one.
  • It does not require an API key to function.
  • It does not use third-party analytics, telemetry, or crash reporting.

What FoilGuard stores locally in your browser:

  • Your settings (block threshold, allowlist, blocklist, toggles) — stored in chrome.storage.sync and synced across your own Chrome devices via your Google account. Google's privacy policy governs this sync.
  • The audit log (blocked domains, timestamps) — stored in chrome.storage.local on your device only.
  • A cached copy of the remote domain list — stored in chrome.storage.local.

Optional network requests:

  • Remote domain list: FoilGuard fetches an updated domain list from raw.githubusercontent.com/nikolap994/foilguard once per day to keep detection current. No personal data is included in this request.
  • Google Safe Browsing: If you enter your own Google Safe Browsing API key in settings, FoilGuard will send visited URLs to Google's Safe Browsing API for real-time threat checking. This is opt-in and governed by Google's privacy policy. FoilGuard never sees or stores your API key beyond your local browser storage.

FoilVault (browser extension)

FoilVault is local-first by design. All credential data is encrypted with 256-bit AES-GCM and stored only in chrome.storage.local on your device. The master password and derived key are never stored — they exist in memory only while the vault is unlocked. No credentials, passwords, or keys are transmitted to any server.

The optional breach check feature sends a k-anonymity hash prefix to the Have I Been Pwned API. Your full password is never sent.

FoilSuite website (foilsuite.netlify.app)

  • No cookies are set.
  • No analytics or tracking scripts are loaded.
  • No user accounts exist.
  • FoilLab challenge progress (solved state, scores, timer) is stored in your browser's sessionStorage and localStorage only. Nothing is sent to a server.
  • The site is hosted on Netlify. Netlify may collect standard server access logs (IP address, request path, timestamp) as part of its infrastructure. See Netlify's privacy policy.

Third-party services

  • GitHub: Source code is hosted on GitHub. GitHub's privacy policy applies to repository visits and issue submissions.
  • GitHub Sponsors: Sponsorship payments are processed by GitHub and Stripe. Foil Security Suite does not handle payment data.

Contact

Questions about this policy: nikolap994@gmail.com

Changes to this policy

If this policy changes materially, the updated date at the top of this page will reflect it. The current version is always at foilsuite.netlify.app/privacy.