Privacy Policy

Effective date: March 1, 2026

🍳 TL;DR

PhishFry does not collect your personal data. All link scoring happens locally in your browser. We don't track you, we don't use cookies, and we don't run analytics. Your browsing history never leaves your device.

What PhishFry Does

PhishFry is a browser extension that scores links for phishing risk. It analyzes URLs using local algorithms, a bundled database of known domains (Tranco top 500K), and heuristic pattern matching — all running entirely in your browser.

Data We Collect

None. PhishFry does not collect, transmit, store, or sell any personal data. Specifically:

No browsing history is recorded or sent anywhere
No URLs you visit are transmitted to our servers
No personally identifiable information is collected
No analytics or telemetry of any kind
No cookies
No tracking pixels or fingerprinting

Local Processing

All scoring — including TLD reputation analysis, domain popularity lookups, typosquatting detection, homoglyph detection, link-mismatch analysis, and heuristic pattern matching — happens entirely on your device. No data leaves your browser for these core features.

Optional Features That Make Network Requests

The following optional features, when explicitly enabled by you, do make network requests:

Google Safe Browsing API — When enabled, URL hashes (not full URLs) are checked against Google's Safe Browsing service to identify known threats. This is governed by Google's Privacy Policy.
Crowd Intel Reporting (opt-in) — If you choose to participate, you can report suspicious URLs to help protect other users. This is strictly opt-in and never enabled by default.
URL Expansion — Shortened URLs (bit.ly, t.co, etc.) are expanded by following redirects to reveal the final destination. This requires a network request to the URL shortening service.
WHOIS / RDAP Lookups — When viewing domain details, registration information may be fetched from public RDAP services.

All of these features are off by default or only triggered by explicit user action. You are always in control.

Data Storage

Your preferences (hover delay, thresholds, whitelist/blacklist, protection mode) are stored locally using chrome.storage.sync. This is Chrome's built-in storage that syncs your settings across your own devices if you're signed into Chrome. No third party can access this data.

Third-Party Services

PhishFry does not integrate with any advertising networks, analytics platforms, or data brokers. The only third-party services involved are those listed in the "Optional Features" section above, and only when you explicitly enable them.

Children's Privacy

PhishFry does not collect data from anyone, including children. There is nothing to collect.

Changes to This Policy

If we ever change this policy, we'll update the effective date at the top and notify users through the extension update notes. Given that our policy is "we don't collect data," we don't anticipate significant changes.

Contact

Questions or concerns about privacy? Reach us at privacy@phishfry.ai.