Chrome Web Store Privacy Information

This is how we fill the “privacy practices” form on the Chrome Web Store Developer Dashboard.

Single purpose

Allows users to customize their experience on the Scratch website (scratch.mit.edu) by providing previously unavailable features - including many related to reading and replying of Scratch messages/notifications. This extension makes use of the “Scratch API” (api.scratch.mit.edu).

Permission justification

PermissionJustification
Host permissionUsed to access information from, and run content scripts on the Scratch website.
cookiesUsed to access the scratchcsrftoken cookie, which needs to be included as an X-CsrfToken header for Scratch API calls.
webRequestNecessary in order to add an artificial “Referer” header so that requests to the Scratch API from the background page correctly work.
webRequestBlockingNecessary in order to add, edit and remove headers before they are sent (see webRequest).
storageUsed to store extension settings.
contextMenusUsed to show the “mute for…” feature.
alarmsUsed for the “mute for…” feature.

Optional Permissions

Optional PermissionJustification
notificationsTo notify users about new Scratch messages/notifications.

Are you using remote code?

No, I am not using remote code

Data usage

What user data do you plan to collect from users now or in the future?

Personally identifiable information. For example: name, address, email address, age, or identification number.
Health information. For example: heart rate data, medical history, symptoms, diagnoses, or procedures.
Financial and payment information. For example: transactions, credit card numbers, credit ratings, financial statements, or payment history.
Authentication information. For example: passwords, credentials, security question, or personal identification number (PIN).
Personal communications. For example: emails, texts, or chat messages.
Location. For example: region, IP address, GPS coordinates, or information about things near the user’s device.
Web history. The list of web pages a user has visited, as well as associated data such as page title and time of visit.
User activity. For example: network monitoring, clicks, mouse position, scroll, or keystroke logging.
Website content. For example: text, images, sounds, videos, or hyperlinks.

I certify that the following disclosures are true:

✔️ I do not sell or transfer user data to third parties, outside of the approved use cases
✔️ I do not use or transfer user data for purposes that are unrelated to my item’s single purpose
✔️ I do not use or transfer user data to determine creditworthiness or for lending purposes


Last updated at 22 July 2021 by Hans5958 on commit c5b1070. Improve this page.

Comments

Make sure to follow the code of conduct. You can see this comment section on GitHub Discussions, as well as editing and removing your comment.