Autotend Forensics for Chrome — Privacy Policy

Last updated: May 12, 2026

Autotend Forensics for Chrome auto-scans downloaded .docx, .pdf, .xlsx, and .pptx files for tampering and provenance anomalies. This page describes what data the extension touches and where it goes.

1. What stays on your machine

All parsing happens inside your browser. The extension reads the file from your local Downloads folder, parses it in an offscreen document, and runs the structural detectors from @neureaux/forensics-core entirely client-side. No document content — bytes, text, or metadata — is uploaded anywhere.

2. What we store, and where

  • Scan records — filename, scan timestamp, signal list, and a content hash for de-duplication. Stored in Chrome extension local storage, which lives on your machine.
  • Per-site preferences — if you mute scans for a specific domain in the options page, that preference is stored in extension local storage.

Scan records auto-delete after 30 days unless you upgrade to the paid Autotend Forensics web product for persistent history. You can clear scan history at any time from the extension's options page.

3. Permissions, and why

  • downloads — observe that a file finished downloading so the extension can scan it. Required.
  • offscreen — run the parser/scoring code outside the short-lived service-worker to avoid mid-scan interruptions.
  • scripting + tabs — show the optional in-page overlay banner on the tab where the download started. Off by default.
  • notifications — show the system notification when a medium- or high-severity signal fires.
  • storage — persist scan records and user preferences locally.
  • host_permissions: <all_urls> — required so the extension can show its overlay on whatever tab the download was initiated from. The extension does NOT read page content.

4. Telemetry

None. There is no telemetry on installs, uninstalls, or scans in v1. Chrome Web Store dashboards may report aggregate install counts to Autotend; those are Google's dashboards, not ours, and we have no control over them beyond viewing the totals.

5. Third-party services

The extension makes one outbound HTTP call: when you click the upgrade link on the detail page, your browser navigates to https://forensics.autotend.io with UTM query parameters so we can attribute the click. This is a regular navigation, not a background request — you choose to click it.

6. Notification policy

We only notify on actual signal. A system notification fires when either any signal at severity high is detected, or two or more signals at severity medium. Below that threshold, the scan is logged silently to the extension popup without disturbing you.

7. Contact

For privacy questions or to request deletion of any data held by Autotend (the web product, not the extension — the extension stores nothing on our servers), email privacy@autotend.io.