Skip to main content
Patient Protect circular logo mark in purple and white used for site navigationPatient Protect

HIPAA Shield Extension

Privacy Policy

Last updated: May 19, 2026

Plain English

The HIPAA Shield extension does not collect, transmit, store on any server, or share any data. Period.

Everything the extension does happens entirely inside your browser, on your device, in your local session. No information about you, the websites you visit, the text you type, what the extension detects, or whether you have the extension installed is ever sent to Patient Protect or any third party.

Data collection

The extension does not collect personal information, browsing history, form contents, detection results, telemetry, analytics, error logs, or any other data.

Network requests

The extension makes no network requests of any kind. There are no calls to any server, including Patient Protect's own infrastructure. This is enforced by the absence of any host_permissions in the extension manifest and by the absence of any fetch or XMLHttpRequest calls in the source code.

Local storage

The extension uses chrome.storage.local only to remember which detection rules you've toggled on or off in the popup settings. This data lives only on your device. It is not synced, shared, or transmitted.

Permissions

The extension requests only:

  • storage — to remember your rule toggles
  • Content script on <all_urls> — to run the detection on every page you visit. The actual detection is purely local and never transmits any matched content.

No code injection from servers

The extension does not load remote code. All JavaScript and CSS shipped with the extension is what you see in the public GitHub repository.

No analytics

No Google Analytics, no error reporting, no usage tracking. The extension cannot tell us how many people have installed it or what it has detected — and that is intentional.

Source code

This extension is open source under the MIT license. You can audit the entire codebase yourself.

Repository: github.com/patient-protect/hipaa-shield

Detection logic: src/content-script.js (under 250 lines, MIT licensed)

Updates to this policy

If this policy changes in any future version, the change will be documented here and in the repository's changelog. If a future version adds any data collection or transmission, the manifest permissions and this policy will be explicit about it.

Contact

For questions about this privacy policy: privacy@patient-protect.com

For the project broadly: github.com/patient-protect/hipaa-shield

← Back to HIPAA Shield