Skip to content

PRIVACY.md

Latest commit

 

History

History
200 lines (148 loc) · 7.44 KB

PRIVACY.md

File metadata and controls

200 lines (148 loc) · 7.44 KB

Privacy Policy for Bookmark Manager Zero

Last Updated: December 18, 2025

Overview

Bookmark Manager Zero is a browser extension that provides a modern interface for managing your Firefox bookmarks. This privacy policy explains what data is collected, how it's used, and your privacy rights.

Data Collection and Storage

Local Data Storage

All bookmark data and user preferences are stored locally on your device using Firefox's built-in storage API (browser.storage.local). This includes:

  • User preferences (theme, view mode, zoom level)
  • Bookmark status cache (link availability and safety checks)
  • Whitelisted URLs
  • Safety check history
  • API keys (encrypted)
  • Error logs (optional debugging data)

Important: This data never leaves your device except as described in the "External Services" section below.

Private Browsing Mode

When using the extension in Firefox Private Browsing mode:

  • All data is stored only in memory (RAM)
  • No data is written to disk
  • All session data is cleared when you close the private window
  • Settings and preferences do not persist across sessions

QR Code Generation

The extension includes a QR code generator that allows users to create QR codes for any text content:

  • When Used: When using the QR code generator button (typically defaults to current page URL, but can be customized with any text)
  • Data Used: User-input text (no existing stored data required)
  • Purpose: Generate QR codes for sharing URLs, text, or other content via mobile device scanning
  • Processing: QR codes are generated locally using client-side JavaScript library
  • Storage: QR codes are not stored; generated on-demand and displayed temporarily in the interface
  • Data Transmission: No data is transmitted externally for QR code generation

External Services

The extension may communicate with the following third-party services only when specific features are enabled:

1. WordPress mshots (Screenshot Service)

  • When Used: When bookmark preview images are enabled (can be disabled)
  • Data Sent: Bookmark URLs
  • Purpose: Generate website screenshot thumbnails
  • Service: s0.wp.com/mshots/v1/
  • Privacy Policy: https://automattic.com/privacy/

2. URLhaus Malware Database

  • When Used: When safety checking is enabled (can be disabled)
  • Data Sent: Bookmark URLs
  • Purpose: Check if URLs are known malware/phishing sites
  • Service: urlhaus.abuse.ch
  • Privacy Policy: https://urlhaus.abuse.ch/api/#privacy

3. BlockList Project

  • When Used: When safety checking is enabled (can be disabled)
  • Data Sent: Domain names from bookmarks
  • Purpose: Check against known malicious domains
  • Service: blocklistproject.github.io
  • Privacy Policy: https://github.com/blocklistproject/Lists

4. Google Safe Browsing API (Optional)

  • When Used: Only if you provide an API key
  • Data Sent: Bookmark URLs (hashed)
  • Purpose: Additional malware/phishing protection
  • Service: safebrowsing.googleapis.com
  • Privacy Policy: https://developers.google.com/safe-browsing/v4/usage-limits
  • Note: Requires user-provided API key, disabled by default

5. VirusTotal API (Optional)

  • When Used: Only when you manually click "Check on VirusTotal"
  • Data Sent: Domain names from bookmarks
  • Purpose: Scan URLs for threats across multiple antivirus engines
  • Service: www.virustotal.com
  • Privacy Policy: https://www.virustotal.com/gui/privacy-policy
  • Note: Requires user-provided API key, manual action only

6. Textise (Optional)

  • When Used: Only when you manually click "View Text-Only"
  • Data Sent: Bookmark URL
  • Purpose: Display text-only version of webpage
  • Service: www.textise.net

7. Google Favicons

  • When Used: When displaying bookmark favicons
  • Data Sent: Domain names
  • Purpose: Retrieve website favicon icons
  • Service: www.google.com/s2/favicons

User Control

You have complete control over external service usage:

Disable All External Services:

  1. Open extension settings (gear icon)
  2. Uncheck "Show Link Status"
  3. Uncheck "Show Safety Status"
  4. Uncheck "Show Previews"

Privacy-Focused Configuration:

  • All external services can be completely disabled
  • Works fully offline with external features disabled
  • No telemetry or analytics
  • No user tracking
  • No advertisements

API Key Security

If you choose to provide API keys for Google Safe Browsing or VirusTotal:

  • Keys are encrypted using AES-256-GCM before storage
  • Encryption key is derived from your browser's unique fingerprint
  • Keys are stored in browser.storage.local (encrypted)
  • Keys are never transmitted except to the respective API services
  • In private browsing mode, keys are stored in memory only

Data Retention

  • Normal Mode: Data persists until you clear browser storage or uninstall the extension
  • Private Browsing Mode: All data cleared when private window closes
  • Cache Auto-Clear: Optional automatic cache cleanup (configurable: 1, 7, 30, 90 days, or never)

Permissions Explanation

The extension requests the following permissions:

bookmarks

  • Why: Read and manage your Firefox bookmarks
  • What: Access bookmark titles, URLs, folders, and metadata
  • Scope: All bookmarks in your Firefox profile

storage

  • Why: Save user preferences and cache data locally
  • What: Store settings, cache, API keys (encrypted)
  • Scope: Local storage only (no sync)

tabs

  • Why: Open bookmarks in new tabs
  • What: Create tabs when you click bookmarks
  • Scope: Tab creation only

<all_urls> (Host Permissions)

  • Why: Check if bookmark links are still working
  • What: Send HEAD requests to bookmark URLs to verify availability
  • Scope: Only used for link checking feature (can be disabled)
  • Note: No page content is accessed, only HTTP status codes

Third-Party Access

The extension does not:

  • Sell or share your data with third parties
  • Use analytics or tracking services
  • Display advertisements
  • Collect personally identifiable information
  • Transmit data to our servers (we don't have any servers)

Children's Privacy

This extension does not knowingly collect data from children under 13. The extension is designed for general audiences.

Changes to Privacy Policy

We may update this privacy policy from time to time. Changes will be reflected in the extension listing and the "Last Updated" date above.

Data Subject Rights (GDPR/CCPA)

As the extension stores all data locally on your device:

  • Right to Access: You can view all stored data in Firefox DevTools → Storage
  • Right to Delete: Uninstall the extension or clear browser storage
  • Right to Export: Use Firefox's built-in export features
  • Right to Object: Disable any feature in settings

Contact

For privacy concerns or questions:

Open Source

This extension is open source. You can audit the code at: https://gitlab.com/AbsoluteXYZero/BMZ-Firefox

Summary

Your privacy is important:

  • ✅ All data stored locally on your device
  • ✅ No tracking or analytics
  • ✅ External services are optional and can be disabled
  • ✅ Full transparency about data usage
  • ✅ Private browsing mode supported with memory-only storage
  • ✅ API keys encrypted before storage
  • ✅ Open source for full transparency