Your privacy is our priority. This extension works entirely on your device. We don't collect, transmit, or sell any of your data. Everything stays local.
📋Overview
Keepnet Allow List Assistant ("the Extension") is a browser extension designed to assist Microsoft 365 administrators with allow list configuration. This privacy policy explains what data the extension handles and how it protects your privacy.
📊Data Collection and Usage
What We Collect (Locally Only)
Configuration Progress: The extension saves your progress through allow list configuration steps in Chrome's local storage on your device.
Screenshots: When you use the screenshot capture feature, images are stored locally in your browser's storage. These are never transmitted elsewhere.
Workflow State: Current step information and configuration state are stored locally to provide seamless guidance.
User Activity: The extension tracks which steps you've completed within the extension to provide accurate step-by-step guidance.
✅ What We DON'T Do
❌ We do NOT collect personal information
❌ We do NOT track your browsing history outside Microsoft 365 admin pages
❌ We do NOT transmit any data to external servers
❌ We do NOT use cookies or third-party analytics
❌ We do NOT sell, rent, or share any data with anyone
❌ We do NOT use your data for advertising
💾Data Storage
All data generated by this extension is stored locally on your device using Chrome's storage API. This includes:
Workflow Progress: Which steps you've completed
Screenshots: Visual documentation you choose to capture
Configuration State: Current position in the guidance workflow
Language Preference: Your selected interface language
Clearing Data: You can clear all extension data at any time by:
Removing the extension from Chrome
Clearing Chrome's extension data via browser settings
Using the extension's built-in clear data option (if available)
🔑Permissions Explained
The extension requests the following permissions. Here's why each is needed:
activeTab
Purpose: Required to detect when you're on Microsoft 365 admin pages (Security Center, Exchange Admin Portal) and to provide contextual guidance.
Scope: Only when you click the extension icon.
storage
Purpose: Required to save your workflow progress, screenshots, and preferences locally on your device.
Scope: Local storage only, no cloud synchronization.
scripting
Purpose: Required to highlight UI elements and provide step-by-step visual instructions directly on the webpage.
Scope: Only on Microsoft 365 security pages you're actively using.
Host Permissions
Domains:
https://security.microsoft.com/*
https://admin.exchange.microsoft.com/*
Purpose: Required to access Office 365 allow list configuration pages to provide in-page guidance and screenshot capture.
Scope: Extension only works on these specific Microsoft domains.
📸Screenshots
The extension includes a screenshot capture feature for compliance documentation. Here's how it works:
Screenshots are captured only when you explicitly click the screenshot button
Images are stored locally on your device in Chrome's storage
Screenshots may contain information visible in your Microsoft 365 admin portal at the time of capture
You have full control over these screenshots and can delete them at any time
No screenshots are ever transmitted to external servers
⚠️ Important Note About Screenshots
Screenshots captured by the extension may contain sensitive information from your Microsoft 365 environment, including email addresses, IP addresses, and configuration details. Please handle these screenshots according to your organization's security policies.
🌐Third-Party Services
This extension does not integrate with any third-party services. There are:
No analytics services (Google Analytics, etc.)
No advertising networks
No external APIs
No cloud storage services
No data transmission to any servers
The extension operates entirely within your browser and only on the specified Microsoft 365 domains.
🛡️Security
We implement security best practices to protect your data:
Minimal Permissions: We request only the permissions absolutely necessary for functionality
Local-Only Storage: All data stays on your device
No External Connections: No network requests to external servers
Domain Restrictions: Extension only works on specific Microsoft 365 domains
Open Source: Code is available for review on GitHub
Regular Updates: We promptly address any security concerns
👶Children's Privacy
This extension is designed for enterprise Microsoft 365 administrators and is not intended for use by children under 13 years of age. We do not knowingly collect information from children.
🔄Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make changes:
The "Last Updated" date at the top will be revised
Significant changes will be announced through the extension
The updated policy will be posted at this URL
We encourage you to review this policy periodically.
📧Contact Information
If you have questions, concerns, or requests regarding this privacy policy or the extension's data practices:
This extension and its privacy practices comply with:
Chrome Web Store Developer Program Policies
Google API Services User Data Policy
General Data Protection Regulation (GDPR)
California Consumer Privacy Act (CCPA)
Microsoft 365 Third-Party App Integration Guidelines
✅Your Rights
You have the following rights regarding your data:
Access: All your data is stored locally and accessible through Chrome's developer tools
Deletion: Remove the extension to delete all associated data
Portability: Export your screenshots and data from Chrome's storage
Transparency: Review our open-source code to understand data handling
🎓 For Organizations
IT administrators can review the extension's code, permissions, and behavior before deployment. All data remains within your organization's control and on local devices. No data leaves your environment.