Privacy Policy for OTP Extractor

Last updated: July 2024

Overview

OTP Extractor is a Chrome extension that helps users extract OTP codes and verification links from Gmail messages. This privacy policy explains how we handle your data.

Important: While our extension does access your Gmail messages to extract OTP codes and verification links, we do not store this data permanently or transmit any personal data to external servers. All data processing happens entirely within the extension on your device.

Data Collection and Processing

Our extension temporarily accesses the following data for processing purposes only:

  • Gmail Messages: We temporarily read your Gmail messages to extract OTP codes and verification links. This data is processed in real-time and is not permanently stored.
  • Authentication Tokens: Temporary Gmail access tokens are used only for API authentication and are managed by Google's secure OAuth system.
  • Extracted Data: OTP codes and verification links are temporarily displayed to you but are not permanently stored or saved anywhere.

Key Point: All data processing occurs entirely within the browser extension. No data is ever transmitted to our servers or any third-party services.

Data Storage and Retention

Our approach to data storage prioritizes your privacy:

  • No Permanent Storage: OTP codes and verification links are not permanently stored anywhere. They are processed in real-time and displayed temporarily.
  • No Server Transmission: No email content, OTP codes, or any personal data is ever sent to external servers.
  • No Third-Party Sharing: No data is shared with third parties since no data is stored or transmitted.
  • Temporary Processing Only: Data exists only in the extension's temporary memory during the extraction process and is immediately discarded.

How Data is Processed

Your data is processed entirely within the extension for these purposes:

  • Real-time Extraction: Scan incoming emails for OTP codes using pattern recognition within the extension
  • Link Detection: Identify verification links in your messages through local processing
  • Temporary Display: Show extracted codes and links in the extension interface for immediate use
  • Session Management: Maintain Gmail authentication session using Google's secure OAuth tokens

Privacy Guarantee: All processing happens within your browser extension. Your email content never leaves your device.

Permissions

Our extension requires these specific permissions, following Google's minimum scope principle:

  • Identity (https://www.googleapis.com/auth/userinfo.email): For secure Gmail authentication using OAuth 2.0 to identify your Google account
  • Gmail Read Access (https://www.googleapis.com/auth/gmail.readonly): To read Gmail messages for OTP and verification link extraction. We use read-only access to ensure no modifications to your emails.
  • ActiveTab: To display extracted codes and links in the extension interface when viewing Gmail

Scope Justification: We request gmail.readonly scope because our extension needs to read email content to identify OTP codes and verification links. A narrower scope would not provide access to email content, making the core functionality impossible. We do not request write access as we never modify emails.

Data Security

We implement the following security measures:

  • Uses Google's secure OAuth 2.0 authentication
  • No passwords or credentials are stored
  • All data is encrypted using Chrome's built-in security
  • Access tokens expire automatically

Your Rights

You have the right to:

  • Clear all stored data through Chrome's extension settings
  • Revoke Gmail access through your Google Account settings
  • Uninstall the extension at any time
  • Contact us with privacy concerns

Contact Information

If you have questions about this privacy policy, please contact us at:

Google API Compliance

This application complies with Google's API Terms of Service and verification requirements:

  • Domain Verification: Our domain [YOUR-DOMAIN.com] is verified through Google Search Console
  • Privacy Policy Compliance: This privacy policy meets all Google API Services User Data Policy requirements
  • Limited Use Requirements: We strictly adhere to Google's Limited Use requirements for user data
  • Secure OAuth 2.0: Authentication uses Google's secure OAuth 2.0 framework
  • Minimum Scope Access: We only request the narrowest Gmail scopes necessary for functionality

Changes to This Policy

We may update this privacy policy from time to time. We will notify users of any material changes by updating the "Last updated" date above.