Last active 1 month ago

qsobad revised this gist 1 month ago. Go to revision

1 file changed, 108 insertions

PRIVACY.md(file created)

@@ -0,0 +1,108 @@
1 + # Privacy Policy — Feidu AUTOPILOT
2 +
3 + **Last updated**: 2026-05-28
4 +
5 + This document describes how the *Feidu AUTOPILOT* Chrome extension
6 + ("the extension") handles user data. The extension is the browser-side
7 + companion to *feidu-daemon*, a local macOS proxy controller distributed
8 + separately. This policy covers the extension only; the daemon is open
9 + source and its data handling is documented in its README.
10 +
11 + ## TL;DR
12 +
13 + The extension does not collect, transmit, or store any personal data on
14 + remote servers. All data the extension touches stays on the user's own
15 + machine: in the browser's local storage, or on the loopback interface
16 + between the extension and the local feidu-daemon at `127.0.0.1`.
17 +
18 + There is no analytics, no telemetry, no advertising, no third-party SDK,
19 + no remote logging, and no remote configuration. There are no remote
20 + network destinations contacted by the extension other than `127.0.0.1`.
21 +
22 + ## What the extension can observe
23 +
24 + To do its job, Chrome grants the extension visibility into the following
25 + categories of data. Each is processed locally and never leaves the
26 + machine.
27 +
28 + | Data | How observed | What we do with it |
29 + |----------------------------|-----------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------|
30 + | URLs of pages you visit | `chrome.tabs`, `chrome.webNavigation` | Pass the top-frame hostname to the local daemon so it can choose a proxy tunnel for that tab. Held in service-worker memory; not persisted. |
31 + | URLs of subresource requests | `chrome.webRequest` (read-only) | Detect requests that fail or stall, so the popup can offer a "Test this host" button. Held in per-tab in-memory index; cleared when the tab closes. |
32 + | Active tab hostname | `chrome.tabs.query` during popup interaction | Render the popup ("you're on `example.com` — pin it?") and target user-initiated actions ("test this host"). Not persisted beyond the popup session. |
33 + | Pin list (domain → region) | Synced from the local daemon via SSE | Cached in `chrome.storage.local["pinned-cache"]` so the popup can render when the daemon is briefly offline. Authoritative copy lives in the daemon, not Chrome. |
34 + | Per-tab session ID (SID) | Generated locally as `feidu-<tabId>-<nonce>` | Sent to the local daemon over loopback so it can attribute each connection to the right tab. Released when the tab closes (`chrome.tabs.onRemoved`). |
35 +
36 + ## What the extension never does
37 +
38 + - It does not inject content scripts into web pages.
39 + - It does not read or modify the DOM of any page.
40 + - It does not block, redirect, modify, or rewrite any HTTP request or
41 + response (`webRequest` is used in read-only listener mode only).
42 + - It does not contact any remote server. The only network destination
43 + it dials is `127.0.0.1` (the local feidu-daemon).
44 + - It does not include analytics SDKs, error reporters, or any
45 + third-party JavaScript.
46 + - It does not transmit, sell, rent, or share user data with any third
47 + party.
48 + - It does not use user data for advertising, profiling, or
49 + creditworthiness assessment.
50 +
51 + ## What the local daemon does with data the extension sends it
52 +
53 + When you use the extension, the following data crosses the loopback
54 + boundary to the local `feidu-daemon` process running on the same machine:
55 +
56 + - The hostname of the page in each active tab, so the daemon can choose
57 + a proxy tunnel for that tab.
58 + - Domain pins you create or remove from the popup.
59 + - Routing-suggestion and test requests you initiate from the popup
60 + buttons.
61 + - The proxied HTTP/SOCKS traffic itself (the daemon is your proxy).
62 +
63 + The daemon stores this on the local filesystem under
64 + `$HOME/.feidu/` and `/usr/local/var/lib/feidu-daemon/`. The daemon does not
65 + upload this data anywhere. See the feidu-daemon README for details.
66 +
67 + ## Permissions used by the extension
68 +
69 + A per-permission technical justification is in `PERMISSIONS.md`. The
70 + permissions are: `proxy`, `tabs`, `storage`, `activeTab`, `webRequest`,
71 + `webRequestAuthProvider`, `webNavigation`, `alarms`, and host access to
72 + `<all_urls>`. Each is required for the per-tab routing and
73 + failed-resources detection features described above.
74 +
75 + ## Data retention
76 +
77 + - In-memory per-tab failure index: cleared when the tab closes or when
78 + the service worker is suspended (whichever comes first).
79 + - `chrome.storage.local["pinned-cache"]`: persists across browser
80 + sessions; the user can clear it by uninstalling the extension or by
81 + clearing extension storage in `chrome://extensions`.
82 + - `chrome.storage.session` (per-tab SID map): cleared when the browser
83 + closes.
84 + - Daemon-side data on the local filesystem: governed by the daemon's
85 + own retention rules, see the feidu-daemon README.
86 +
87 + ## Children's privacy
88 +
89 + This extension is not directed at children under 13. We do not knowingly
90 + process data from children.
91 +
92 + ## Open source and audit
93 +
94 + The extension's source code is public. Reviewers, security researchers,
95 + and end users are encouraged to inspect `service_worker.js`, `popup.js`,
96 + and `routes.js` to verify the claims above.
97 +
98 + ## Changes to this policy
99 +
100 + Material changes will be noted at the top of this document with an
101 + updated date, and where possible announced in the extension's release
102 + notes on the Chrome Web Store.
103 +
104 + ## Contact
105 +
106 + Questions about this policy or about the extension's data handling can
107 + be sent to the support email listed on the extension's Chrome Web Store
108 + listing.
Newer Older