1. Chrome Web Store — Required Data-Type Disclosures
The table below maps every personal and sensitive data category defined by the
Chrome Web Store User Data Privacy policy
to how the Extension handles it.
| Data Category |
Collected? |
Purpose & Handling |
| Personally Identifiable Information (PII) |
No |
No names, emails, phone numbers, physical addresses, or government IDs are collected. |
| Financial & Payment Information |
No |
The Extension does not handle wallets, private keys, seed phrases, card numbers, or any other financial credentials. |
| Authentication Information |
No |
No passwords, cookies, OAuth tokens, or authorization headers are read from any website. |
| Health Information |
No |
Not collected. |
| Website Content & Resources |
No |
The Extension does not inject content scripts and does not read DOM, text, screenshots, or any other content from web pages you visit. |
| Form Data |
No |
Not collected. |
| Web Browsing Activity |
No |
The Extension does not request the tabs, history, webNavigation, or activeTab permissions and has no way to observe URLs or browsing activity. |
| User-Provided Content |
Yes — locally; transmitted only to the backend you configure |
Chat messages you type in the side panel and a token mint identifier you set are stored in chrome.storage.local on your device. If you set a backend URL, those messages are sent over HTTPS to that backend so it can return an AI response. |
| Personal Communications |
Yes — side-panel chat messages only |
The Extension stores messages you type into the WhiteOwl Chat tab locally so the side panel can show your chat history. If you configure an HTTPS backend URL, those messages are sent only to that backend for AI responses. The Extension does not access email, SMS, social messages, or any third-party messaging service. |
2. Data the Extension Stores Locally
The Extension writes only the following items to chrome.storage.local on your device:
- Chat history — messages you have sent and the responses returned by the backend you configured.
- Backend URL (
wo_server_url) — the HTTPS endpoint you choose for AI chat. Empty by default.
- UI preferences — active tab, language, and similar non-sensitive layout state.
- Token mint context — an optional Solana token mint identifier you set so the Token tab can display public on-chain context for that mint.
None of this data is transmitted to any WhiteOwl-operated server. You may clear it at any time by removing the Extension or by clearing extension storage from chrome://extensions.
3. Data Sent to a User-Configured Backend
The Extension is a thin side-panel client. It has no built-in cloud service. AI chat features become available only after you set a backend URL via chrome.storage.local. When such a backend is configured, the following data is transmitted to that endpoint over HTTPS:
- Chat messages you send from the side panel.
- The token mint identifier currently set in the Token tab (if any).
The backend is not operated by the Extension publishers. You are responsible for choosing a backend you trust and for reviewing its own privacy policy. The Extension never falls back to a default remote server and never sends data to any URL you have not explicitly configured.
4. How Your Data Is Used
- Chat history is read back into the side panel so you can review past conversations.
- Backend URL is used to address outgoing chat requests.
- UI preferences are used to restore the side panel layout between sessions.
- Token mint context is used to display publicly available token information inside the side panel.
No collected data is used for advertising, analytics, marketing, profiling, creditworthiness, fraud-detection-for-third-parties, or any purpose unrelated to the side panel's research-and-chat functionality.
5. Permissions Requested
The Extension requests only the following Chrome permissions, each used solely for its narrow technical purpose:
sidePanel — to render the side panel UI.storage — to persist the items listed in Section 2 on your device.
The Extension does not request tabs, activeTab, cookies, webRequest, history, scripting, downloads, host permissions, or any other sensitive permission. It declares no content_scripts.
6. Security
- All extension code runs from files bundled inside the package; no remote code is loaded or evaluated. The manifest enforces a strict Content Security Policy (
script-src 'self'; object-src 'self'; connect-src https: wss: data:;).
- If you configure a backend URL it must use
https://; the Extension does not initiate plain-HTTP requests.
- Local data lives in the browser's extension storage and is subject to the security model of your operating system and browser profile.
7. Third Parties
The Extension contains no third-party analytics, advertising, attribution, or tracking SDKs. It does not share data with any third party. Any data you choose to send to a backend you configured is governed by that backend's own privacy practices.
8. Children
The Extension is not directed at children under 13 and does not knowingly collect data from them.
9. Your Choices
- You can delete all locally stored data by removing the Extension or by clearing extension storage from
chrome://extensions.
- You can stop all outbound chat traffic at any time by clearing the
wo_server_url key from chrome.storage.local.
- You can review and clear chat history from inside the side panel.
10. Changes to This Policy
If this policy is updated, the new version will be published at whiteowl.wtf/privacy with an updated "Last updated" date. Material changes affecting how data is collected or transmitted will be reflected in the Extension's listing on the Chrome Web Store.
11. Contact
For privacy questions or data requests, reach out via the Support page.
