Foil Security Suite is built on a single principle: your data is yours. This policy describes exactly what each product collects, stores, and transmits — which is as little as possible.
FoilGuard (Chrome / Firefox extension)
What FoilGuard does not do:
- It does not send your browsing history anywhere.
- It does not create an account or require one.
- It does not require an API key to function.
- It does not use third-party analytics, telemetry, or crash reporting.
What FoilGuard stores locally in your browser:
- Your settings (block threshold, allowlist, blocklist, toggles) — stored in
chrome.storage.syncand synced across your own Chrome devices via your Google account. Google's privacy policy governs this sync. - The audit log (blocked domains, timestamps) — stored in
chrome.storage.localon your device only. - A cached copy of the remote domain list — stored in
chrome.storage.local.
Optional network requests:
- Remote domain list: FoilGuard fetches an updated domain list from
raw.githubusercontent.com/nikolap994/foilguardonce per day to keep detection current. No personal data is included in this request. - Google Safe Browsing: If you enter your own Google Safe Browsing API key in settings, FoilGuard will send visited URLs to Google's Safe Browsing API for real-time threat checking. This is opt-in and governed by Google's privacy policy. FoilGuard never sees or stores your API key beyond your local browser storage.
FoilVault (browser extension)
FoilVault is local-first by design. All credential data is encrypted with AES-GCM 256-bit and stored only in chrome.storage.local on your device. The master password and derived key are never stored — they exist in memory only while the vault is unlocked. No credentials, passwords, or keys are transmitted to any server.
The optional breach check feature sends a k-anonymity hash prefix to the Have I Been Pwned API. Your full password is never sent.
FoilSuite website (foilsuite.netlify.app)
- No cookies are set.
- No analytics or tracking scripts are loaded.
- No user accounts exist.
- FoilLab challenge progress (solved state, scores, timer) is stored in your browser's
sessionStorageandlocalStorageonly. Nothing is sent to a server. - The site is hosted on Netlify. Netlify may collect standard server access logs (IP address, request path, timestamp) as part of its infrastructure. See Netlify's privacy policy.
Third-party services
- GitHub: Source code is hosted on GitHub. GitHub's privacy policy applies to repository visits and issue submissions.
- GitHub Sponsors: Sponsorship payments are processed by GitHub and Stripe. Foil Security Suite does not handle payment data.
Contact
Questions about this policy: nikolap994@gmail.com
Changes to this policy
If this policy changes materially, the updated date at the top of this page will reflect it. The current version is always at foilsuite.netlify.app/privacy.