Privacy Policy
Last updated: April 27, 2026
Overview
SafeBrowz is a browser extension for Chrome, Firefox, and Edge that detects scams and phishing websites in real time. Your privacy is important to us. This policy explains what data we process, how we handle it, and what we never store.
We never sell your data and never ask for your name or email. SafeBrowz processes URLs and page text in real time to detect scams. For performance and detection improvement, our server retains a small set of non-identifying scan metadata (domain name, verdict, detection signals) and Premium license data (license key, wallet address for crypto payments, device count). No full URLs, page content, or personal identifiers are stored, and nothing is linked to your identity. Details in each section below.
Data We Process (Real-Time Only)
To detect scams and phishing, SafeBrowz must process the following data in real time. None of this data is linked to your personal identity:
- URLs of pages you visit - Sent to security APIs (PhishTank, URLhaus) and our proxy server (which in turn may call Google Safe Browsing) to check if they are malicious. The URL plus its classification (domain, verdict, identified brand, content signals, country code) is retained anonymously in our Detection Improvement Log to train the detection engine. No identity-to-URL linkage is stored: scans are not associated with your device instance ID, license key, email, name, IP address, or any session identifier. Page contents themselves are not stored.
- Page text content (Premium only) - For websites not on our verified safe list, the visible text content is sent through our proxy to AI for scam analysis. Not stored after the response is returned.
- Password hash prefix (Premium only) - When you type a password, only the first 5 characters of the SHA-1 hash are sent to HaveIBeenPwned via k-anonymity. Your actual password never leaves your device.
- License key and device instance ID (Premium only) - Sent to our server during activation and periodic validation to enforce the 3-device limit per license. Stored only to validate your Premium access.
- Wallet address, signed message, and transaction hash (Crypto payment only) - If you buy Premium with USDC on Base, these are sent to verify the payment on-chain. Stored to issue and validate your license key.
Data We Do NOT Collect or Store
- Your name, email, or any personally identifiable information
- Per-user browsing history. We never build a list of websites linked to your identity, device instance ID, license key, or session. URL classifications stored in our Detection Improvement Log carry no user identifier and cannot be traced back to you
- Page contents. The visible text or HTML of pages you visit is not retained after the scan completes
- Your actual passwords or login credentials
- Financial or payment information (card payments handled by LemonSqueezy, crypto payments verified on-chain - we never see your card details or private keys)
- IP-to-identity binding, device fingerprints, advertising IDs, or analytics tracking cookies
Detection Improvement Log (Anonymous)
To keep our detection engine current against new phishing patterns, wallet drainers, and brand impersonation, we retain the following anonymously for each URL we scan:
- Domain name and full URL of the page that was scanned
- Final verdict (safe, caution, danger) and category (phishing, drainer, fake login, scam, etc.)
- Identified brand if any (e.g. "NBK", "MetaMask", "Microsoft")
- Content signals: presence of login form, wallet-connect button, scam keyword count, hosting provider, SSL issuer, domain age
- Target country of the site (where applicable, resolved server-side)
- Timestamp of when the scan occurred
What is NOT stored alongside these scans: your device instance ID, license key, IP address, email, name, browser fingerprint, or any session identifier. There is no column in our database that can be used to reconstruct "which user visited which URL."
This is the same practice used by every public threat-intelligence service (VirusTotal, Google Safe Browsing, Cloudflare Radar, PhishTank): threat samples are retained so the system can learn from them, but they carry no end-user identity.
Web Server Access Logs
Our proxy server runs standard nginx access logs containing IP address, request path, timestamp, and user-agent header. These logs are kept short-term (typically 14–30 days) for operational debugging, abuse mitigation, and rate-limit enforcement. They are not cross-referenced with the Detection Improvement Log or any license record. No persistent linkage between an IP address and the URLs that IP has scanned is created.
How The Extension Works
When you visit a website, SafeBrowz performs a multi-layer scan:
- Layer 1 - Local Checks: URL patterns, typosquat detection, safe domain list, HTTPS verification. Runs entirely in your browser, no data leaves your device.
- Layer 2 - API Checks: Queries public security databases (Google Safe Browsing, PhishTank, URLhaus) with only the URL being checked. Domain age checked via RDAP or WHOIS with domain name only.
- Layer 3 - AI Analysis (Premium): For websites not on our verified safe domain list, page text content is sent through our secure proxy server (safebrowz.com/api) to AI for scam and phishing analysis. No personal data is included. Trusted sites (Google, Facebook, banks, etc.) are skipped automatically.
- DNS and SSL Checks (Premium): Domain existence and SSL certificate validity checked through our proxy server with domain name only.
Our Proxy Server
Premium features (AI scan, DNS check, SSL check) are routed through our server at safebrowz.com/api. This server:
- Acts as a proxy to protect API keys from exposure in the extension code
- Caches the domain name and safety verdict (safe, caution, or danger) for performance so repeated visits by any user get instant results. Cache entries expire automatically based on severity: 30 days for confirmed dangerous domains, 14 days for verified safe domains, 7 days for caution-level domains. No full URLs, page content, or user-identifying data is cached
- Forwards requests to third-party APIs and returns the response
- Validates license keys for premium features
- Does not track which user visits which website. Our application database does not link IP addresses, browser fingerprints, or session identifiers to scans, license keys, or any user identity. Standard web-server access logs (nginx) are retained short-term (typically 14 days) for operational debugging and contain only request timestamps and paths. These logs are not cross-referenced with scan data or license records
Third-Party Services
SafeBrowz uses the following services:
| Service | Purpose | Data Sent |
| Google Safe Browsing (US) | Check if URL is malicious - called server-side via our proxy | URL only |
| PhishTank (US) | Check if URL is phishing | URL only |
| URLhaus (EU) | Check if URL distributes malware | URL only |
| RDAP.org | Check domain registration age | Domain name only |
| HaveIBeenPwned | Password breach checking | First 5 chars of SHA-1 hash (k-anonymity) |
| AI content analysis | Scam detection on suspicious pages - routed through our proxy (Premium only). The extension itself does not contact any AI service directly. | URL + page text excerpt |
| LemonSqueezy (US) | Card payment processing and license validation | License key (for validation); billing email and card details go directly to LemonSqueezy, not to us |
| Base blockchain RPC | Crypto payment verification (USDC on Base) | Wallet address and transaction hash (public on-chain data) |
International transfers. Several services above are US-based. If you are in the EU/UK, by using SafeBrowz you understand that URLs or page-text excerpts (Premium only) may be processed outside the EU/UK solely to return a scam/phishing verdict. No personal data is included.
No personal data is included in any request. Only the URL, domain name, or page text content of the website being checked is sent to these services.
Password Breach Check
When you type a password on any website (Premium feature), SafeBrowz checks if it has appeared in known data breaches using the HaveIBeenPwned API. This uses k-anonymity: only the first 5 characters of the password's SHA-1 hash are sent. Your full password is never transmitted to any server. This check happens locally and the result is shown only to you.
Premium License
SafeBrowz Premium can be purchased via card or cryptocurrency. Here is how each method handles your data:
Card Payment (LemonSqueezy)
- Your license key is stored locally in your browser using the browser storage API
- The key is validated against our server (safebrowz.com/api) and LemonSqueezy
- Re-verification happens periodically to confirm the license is still active
- We do not store your card details. All card payments are processed by LemonSqueezy
- Removing the extension deletes your license key from the browser
Cryptocurrency Payment (USDC on Base)
- You pay by sending USDC on Base chain to our wallet address
- You sign a message with your wallet to prove ownership (EIP-191 personal_sign). This signature cannot be used to access your funds or make transactions
- We store only your wallet address (public on-chain data), the transaction hash, and the generated license key on our server
- We never have access to your private keys, seed phrase, or wallet funds
- Your license key is generated on our server and works the same as a card-purchased key
- Payment verification is done by checking USDC transfer events on the Base blockchain (public data)
Cryptocurrency Payment (USDC on Solana)
- You pay by sending USDC (or SOL) on the Solana mainnet to our receiver wallet
- You sign an ed25519 ownership message using your Solana wallet to prove the payment came from you. This signature cannot be used to move your funds or sign any other transaction
- We store only your Solana wallet address (public on-chain data), the transaction signature, and the generated license key on our server
- We never have access to your private keys, seed phrase, or wallet funds
- Payment verification is done by reading the on-chain SPL token transfer (public data) via standard Solana RPC
- Your license key works identically to a card-purchased or Base-purchased key
Token-Gated Premium ($SAFEBROWZ - live on Base)
Premium can also be unlocked by holding $SAFEBROWZ tokens above the threshold (Network: Base. Contract: 0xeA57Cc08A57CC544B0139A677AD601eC2ff21B07. Threshold: 10,000,000 tokens. Trading on Uniswap V3). The following data practices apply:
- You sign a one-time ownership message at activation. This proves you control the wallet without exposing any spending capability
- We store your wallet address and the activation timestamp. Wallet addresses are public on-chain data
- A daily server-side cron checks your token balance via public RPC. If your balance is still at or above the threshold, your Premium auto-renews for another 24 hours. No action required from you
- If you sell or transfer below the threshold, the next daily check downgrades your license to inactive. You can reactivate at any time by topping up and re-verifying
- We never request transaction signatures, never have access to your funds, and never move your tokens. The only signature ever requested is the one-time ownership proof at activation
- Token holders' wallet addresses are not shared with third parties. They are stored only to prevent the same wallet from gating multiple Premium licenses fraudulently
B2B Detection API (api.safebrowz.com/v1/detect)
SafeBrowz exposes the same scam-detection engine that powers the browser extension as a public HTTP API at api.safebrowz.com/v1/detect. The API is intended for developers, AI agents, wallets, and dApps that want to scan URLs programmatically. It is a separate service from the browser extension and has its own data practices, summarized here:
- What we receive: the URL string a caller submits in the request body. We do not receive the caller's identity, IP address (beyond what is needed for rate limiting), location, or browsing context
- Payment data (x402 micropayments): if the request is paid via x402 on Solana or Base, we record the on-chain transaction signature and the payer's wallet address, both of which are public blockchain data. This is required to prevent payment replay and to settle disputes. The wallet is not associated with any user identity by us
- Payment data (enterprise Bearer key): high-volume integrators can apply for a monthly-billed Bearer key. For these accounts we keep a usage log (timestamp, response verdict, token-bucket counter) for invoicing. The log does not contain the URLs scanned or any caller-identifying data beyond the key ID
- What we send back: a JSON verdict (safe, caution, danger), an optional brand name, a confidence score, threat-type tags, and a human-readable reason. The detection process itself uses the same security-API checks (PhishTank, URLhaus, Google Safe Browsing, RDAP, internal AI proxy) as the browser extension
- Retention: usage logs are kept for 30 days for invoicing and abuse prevention. Payment ledger entries are kept indefinitely for legal/audit compliance. Per-URL scan results are cached for the standard verdict TTL (30 days for danger, 14 days for safe, 7 days for caution) and aggregated into the same anonymized detection-improvement log described above; raw URLs are not retained outside of cache TTL
- What we never do: share API caller identifiers with third parties, sell wallet addresses, or contact callers outside the scope of API service-related notifications (key rotation, abuse warnings, billing)
SafeBrowz Telegram Bot (@SafeBrowzbot)
The SafeBrowz Telegram bot scans URLs posted in groups and direct messages it has been added to. It is activated by a Premium license key (the same key used by the browser extension):
- What the bot reads: message text containing URLs in groups where the bot has been added with read permission, and direct messages sent to the bot
- What the bot stores: the activated license key for the chat, a per-chat 30-requests-per-minute rate-limit counter, and a short scan cache (URL + verdict) so repeated scans of the same URL in the same chat are instant. Cache entries expire after 24 hours
- What the bot does NOT store: message content other than URLs, user identifiers beyond what Telegram itself exposes to bot operators, group membership lists, or any non-URL conversation data
- How it talks to our API: the bot uses an internal Bearer key to call the same B2B detection endpoint. Telegram users do not pay per call - the bot's costs are absorbed under the Premium subscription
- Removing the bot: remove the bot from a group, or run /deactivate, and all chat-scoped state for that chat is deleted
Browser Permissions
SafeBrowz requests the following browser permissions:
| Permission | Why |
| storage | Cache scan results, store settings and license key locally |
| tabs | Read the current tab URL to scan the website you are visiting |
| activeTab | Access the active tab for scanning |
| webNavigation | Detect when you navigate to a new page to trigger auto-scan |
| notifications | Show desktop alerts when a dangerous site is detected (Premium) |
| alarms | Schedule periodic community database refresh (every 6 hours) |
Host Permissions
The extension connects to the following domains:
- safebrowz.com - Our API proxy server (AI scan, DNS, SSL, license verification, Safe Browsing)
- checkurl.phishtank.com - PhishTank phishing database
- urlhaus-api.abuse.ch - URLhaus malware database
- rdap.org - Domain WHOIS / registration lookup
- api.pwnedpasswords.com - Password breach check (k-anonymity)
- raw.githubusercontent.com/meraja34/SafeBrowz-DB - Community blacklist and whitelist database (read-only)
Data Storage
Data stored locally in your browser using the browser storage API:
- Scan result cache (expiry depends on verdict: 30 days for danger, 14 days for safe, 7 days for caution)
- User whitelist (trusted domains you manually approve)
- Scan history (Premium only, stored locally)
- License key and verification timestamp (Premium only)
- All data is stored only on your device
- All data is deleted when you remove the extension
Community Database
SafeBrowz fetches a community-maintained blacklist and whitelist from a public GitHub repository every 6 hours. This is a one-way download. No data about your browsing is uploaded.
Detection Improvement Log
To improve detection accuracy and identify missed scams or false positives, our server keeps a minimal scan log. Each row stores only heuristic metadata derived from the scan, not raw user data:
- Domain name and its TLD
- Verdict (safe, caution, or danger) and which detection layer triggered it
- Domain registration age (in days)
- Boolean heuristic flags from the scan (has login form, has connect-wallet button, countdown timer present, free-hosting provider, drainer script signature matched, obfuscated JavaScript, seed-phrase prompt, anti-debug tricks, etc.)
- Extracted scam keyword count, a short brand name if the page mentioned one, and the AI-identified brand if brand impersonation was detected
- Path pattern of the URL (e.g. "/claim", "/verify") - never the full URL with query parameters or fragments
- Unix timestamp of the scan
The log does not contain: your name, email, IP address, device ID, license key, full URLs, query parameters, page content, form inputs, or any value that can identify you personally. Entries are automatically pruned after 90 days.
Remote Code
SafeBrowz does not execute any remotely hosted code. All extension code is bundled within the extension package. The only remote data fetched is the community database (JSON files) and API responses (JSON data), neither of which contain executable code.
Data Sharing
We do not sell, trade, or transfer any user data to third parties. The only data transmitted is website URLs and page content to security APIs for the sole purpose of scam detection, as described above.
Marketing Site Analytics
The browser extension uses no analytics and no tracking. The safebrowz.com marketing website separately uses Google Ads conversion tracking to measure advertising effectiveness. This only applies when you visit the website itself and has no connection to the extension.
Your Rights
You can request at any time to access, correct, or delete any data we hold about you by emailing info@safebrowz.com. Deletion covers:
- Premium card users: license record and activated device IDs
- Premium crypto users (Base or Solana): wallet address, transaction hash/signature, and license record
- Token-gated Premium ($SAFEBROWZ holders): your wallet address and the activation row. The license terminates with deletion (re-verify any time to reactivate)
- B2B API users: Bearer key record, usage log, and billing history (subject to legal retention requirements for invoicing and tax)
- Telegram bot users: chat-scoped license activation and short URL cache; you can also remove the bot from a group or DM /deactivate for the same effect
The extension itself stores everything locally in your browser; removing the extension deletes all local data.
Children's Privacy
SafeBrowz does not knowingly collect any data from children under 13. Since we do not collect personal data from any user, this is inherently satisfied.
Changes to This Policy
We may update this privacy policy from time to time. Changes will be posted on this page with an updated date.
Contact
If you have questions about this privacy policy, please contact us at info@safebrowz.com. For customer support, license issues, or technical help with the extension, contact support@safebrowz.com.