RawFeed Chrome Extension Privacy Policy

The RawFeed Chrome extension is intended for RawCapture users who want browser-based diagnostic capture for websites, web applications, or environments they own, operate, test, or are authorized to monitor. It helps collect frontend troubleshooting signals such as console events, failed network requests, slow requests, and CORS failures.

This extension policy supplements the main RawFeed Privacy Policy and the Terms and Conditions.

The extension must be connected to a RawCapture project by using a provisioning key created by a project owner. A provisioning key can register extension instances only; it cannot ingest logs directly. After successful registration, RawFeed returns a plugin instance ID and plugin secret used for HMAC-signed ingest requests.

Collection should be enabled only for properties, environments, or workflows where the user or organization has authority to monitor diagnostic data. Do not use the extension to capture data from sites, users, accounts, or systems without permission.

Extension event types are normalized into RawCapture event categories such as log, network, error, and security_anomaly. The original extension event type may be preserved in event metadata so the dashboard can show whether a record came from console_error, console_warn, console_log, cors_failure, network_slow, or network_error.

• The extension is not intended to collect passwords, payment card numbers, government identifiers, health records, private messages, or other sensitive personal data.
• The extension is not intended to sell personal data, build advertising profiles, or track users across the web for advertising.
• RawFeed does not use extension diagnostic data for third-party advertising.
• Project owners should configure capture policies, retention, scrubbing, and allowed event types to avoid unnecessary personal data.

The extension may store its plugin instance ID, plugin secret, project configuration, and operational settings in Chrome extension storage, such as chrome.storage.local. This local storage lets the extension authenticate without asking for the provisioning key on every request.

Removing the extension, clearing extension data, or revoking the plugin instance from RawCapture may stop future collection. Previously submitted records may remain in RawCapture until deleted, expired by retention controls, or no longer needed for service, security, legal, billing, or audit purposes.

The extension may request browser permissions needed to observe diagnostic events, interact with selected pages, access extension storage, and send events to RawFeed endpoints. The exact permission list may vary by release and Chrome Web Store package. During registration, RawFeed may store the extension-reported permission list for security review, troubleshooting, and audit purposes.

• Registration uses a provisioning key created inside RawCapture.
• Ingest requests use the plugin instance ID, timestamp, and HMAC signature rather than a plain project API key.
• RawFeed verifies signatures, checks whether the plugin instance is revoked or blocked, applies project policy, rate limits requests, and stores accepted events in the associated RawCapture project.
• RawFeed may reject events when credentials are invalid, the plugin instance is blocked, the collection window is paused, event types are not allowed, or rate limits are exceeded.

Project owners decide who may install and connect the extension to their RawCapture project. They are responsible for providing any required privacy notices, obtaining required permissions or consents, limiting collection to authorized systems, configuring data minimization controls, and responding to requests from their users or organization.

• Use short-lived provisioning keys and reasonable registration limits.
• Revoke plugin instances that are lost, unused, unknown, or no longer authorized.
• Use event-type restrictions, muted endpoints, scrub rules, collection pause windows, and retention controls.
• Avoid collecting content from unrelated websites or personal browsing sessions.
• Do not use RawCapture to monitor people or systems where you lack authority.

RawFeed uses extension data to:

• Operate RawCapture dashboards and event search.
• Authenticate plugin instances and prevent unauthorized ingest.
• Debug frontend errors, network failures, CORS issues, and slow requests for the connected project.
• Apply usage metering, feature limits, abuse prevention, rate limits, security review, and audit logging.
• Support retention, deletion, issue workflow, and support requests.

RawFeed does not sell extension data. Extension data may be processed by RawFeed infrastructure providers, such as hosting, database, storage, cache, analytics, monitoring, email, AI, billing, or support providers, where needed to operate the service. Data may also be disclosed if required by law, to protect rights or security, to investigate abuse, or during a business transaction.

If a project owner connects GitHub, Jira, or another workflow integration, selected RawCapture event details may be sent to that provider when the project owner exports or creates an issue.

Extension registration records, plugin instance metadata, trace events, audit logs, usage records, and support records may be retained until deleted, expired by RawCapture retention settings, revoked, or no longer needed for service, security, legal, billing, or audit purposes.

Project owners can manage many records in RawCapture, including plugin instances and project telemetry. Users may contact RawFeed for privacy or deletion requests, but RawFeed may need to coordinate with the relevant project owner when the data belongs to an organization-controlled RawCapture project.

RawFeed uses scoped provisioning keys, per-install plugin IDs, per-install HMAC secrets, hashed device fingerprints, encrypted stored secrets, revocation controls, block controls, rate limits, and audit records. No security measure is perfect. Users and project owners should keep provisioning keys and extension credentials private and revoke access when devices or installs are no longer trusted.

• You can uninstall or disable the Chrome extension to stop future extension collection from that browser.
• Project owners can revoke or block plugin instances in RawCapture.
• Project owners can pause collection, restrict allowed event types, adjust retention, and add scrub rules.
• You can contact RawFeed for privacy, access, correction, deletion, or security requests.

For Chrome Web Store purposes, the extension's limited purpose is RawCapture browser diagnostics for authorized RawFeed users and projects. RawFeed does not sell extension data, does not use extension data for unrelated advertising, and does not transfer extension data except as needed to provide or secure the service, comply with law, support user-requested integrations, or complete a business transaction.

The use of information received from Chrome APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.

RawFeed may update this extension policy as the extension, RawCapture, or Chrome platform requirements change. For privacy, deletion, security, or extension data requests, contact RawFeed through the Contact page or from the email tied to your RawFeed account.

Related policies: RawFeed Privacy Policy and RawFeed Chrome Extension Privacy Policy.