Chrome Web Store Privacy Information

This is how we fill the “privacy practices” form on the Chrome Web Store Developer Dashboard.

Single purpose

Allows users to customize their experience on the Scratch website (scratch.mit.edu) by providing previously unavailable features - including many related to reading and replying of Scratch messages/notifications. This extension makes use of the “Scratch API” (api.scratch.mit.edu).

Permission justification

Permission Justification
Host permission Used to access information from, and run content scripts on the Scratch website.
cookies Used to access the scratchcsrftoken cookie, which needs to be included as an X-CsrfToken header for Scratch API calls.
webRequest Necessary in order to add an artificial “Referer” header so that requests to the Scratch API from the background page correctly work.
webRequestBlocking Necessary in order to add, edit and remove headers before they are sent (see webRequest).
storage Used to store extension settings.
contextMenus Used to show the “mute for…” feature.
alarms Used for the “mute for…” feature.

Optional Permissions

Optional Permission Justification
notifications To notify users about new Scratch messages/notifications.

Are you using remote code?

No, I am not using remote code

Data usage

What user data do you plan to collect from users now or in the future?

Personally identifiable information. For example: name, address, email address, age, or identification number.
Health information. For example: heart rate data, medical history, symptoms, diagnoses, or procedures.
Financial and payment information. For example: transactions, credit card numbers, credit ratings, financial statements, or payment history.
Authentication information. For example: passwords, credentials, security question, or personal identification number (PIN).
Personal communications. For example: emails, texts, or chat messages.
Location. For example: region, IP address, GPS coordinates, or information about things near the user’s device.
Web history. The list of web pages a user has visited, as well as associated data such as page title and time of visit.
User activity. For example: network monitoring, clicks, mouse position, scroll, or keystroke logging.
Website content. For example: text, images, sounds, videos, or hyperlinks.

I certify that the following disclosures are true:

✔️ I do not sell or transfer user data to third parties, outside of the approved use cases
✔️ I do not use or transfer user data for purposes that are unrelated to my item’s single purpose
✔️ I do not use or transfer user data to determine creditworthiness or for lending purposes


Last updated at 28 May 2021 by WorldLanguages on commit c154124. Improve this page.