Privacy Policy for VaptFinder

Last updated: September 2025

VaptFinder is a Chrome extension designed to help users identify known security vulnerabilities in web technologies and software packages. Your privacy is important, and this extension is built with a privacy-first approach.

Information Collection

VaptFinder does not collect, store, or track any personal or sensitive user data. The extension does not collect:

• Personal information
• Browsing history
• Website URLs
• IP addresses
• Cookies or identifiers

Website Access

The extension accesses the currently active webpage only when initiated by the user to detect publicly available JavaScript libraries and their version information. This data is processed locally within the browser and is not stored or transmitted.

External Services

VaptFinder communicates with public vulnerability databases to retrieve security information. These requests include only the following non-personal data:

• Package or library name
• Package or library version
• Software ecosystem (e.g., npm, PyPI, Maven)

External services used:

• OSV.dev API (https://api.osv.dev)
• Public CVE data providers

Remote Code

VaptFinder does not download or execute remote code. All extension logic is bundled within the extension package. Remote API responses are treated strictly as data.

Data Sharing

VaptFinder does not sell, transfer, or share user data with third parties.

Changes to This Policy

This policy may be updated if functionality changes. Updates will be reflected on this page.

Contact

For questions regarding this privacy policy, please contact the developer via the Chrome Web Store listing.