Privacy Policy for X Swift Extension

Overview

X Swift is a browser extension that allows users to route browser network traffic for selected domains through proxy servers configured by the user. This Privacy Policy explains in detail how data is handled, processed, stored, and protected.

Scope of This Policy

This policy applies exclusively to the X Swift browser extension and does not apply to third-party proxy services, external domain list sources, or websites accessed through the extension.

Data We Store Locally

X Swift stores the following data locally on your device only using the browser's secure storage API (chrome.storage.local):

1. Proxy Configuration Data

• Encrypted proxy tokens — User-provided tokens containing proxy server credentials, encrypted using AES-GCM encryption before storage
• Proxy server details — Host, port, username, and password (stored in encrypted form)
• Proxy mode settings — User preference for "Selective Mode" (specific domains only) or "All Traffic Mode"

2. Domain Management Data

• Custom domain lists — Domains manually added by the user for proxy routing
• External source URLs — URLs to external domain lists (e.g., GitHub raw files) added by the user
• Domain source settings — Enable/disable status for each domain source
• Domain count metadata — Number of domains loaded from each source (for display purposes only)

3. Extension Preferences

• Proxy enabled/disabled state — Whether proxy is currently active
• Last known proxy state — For restoring settings after browser restart
• Source toggle states — Which domain sources are active

4. Temporary Session Data

• Detected failed domains — Domains that failed to load on the current page (stored only during browsing session, not persisted)
• Current tab information — URL and domain of active tab (used only for "Quick Add" feature, not stored)
• Stage 2 scan history — A list of domains for which automatic sub-resource scanning has already been completed, stored locally to avoid redundant re-scans. Contains only domain names, no URLs, page content, or personal data. Automatically trimmed when it exceeds 1000 entries, and fully deleted when the extension is uninstalled.

Important: All stored data remains on your device and is never transmitted to servers controlled by the developer. Data is accessible only by the extension itself.

How We Use Permissions

X Swift requests the following permissions, which are strictly necessary for core functionality:

1. proxy Permission

Purpose: To configure and manage browser proxy settings.

Usage: Enables/disables proxy, generates PAC (Proxy Auto-Configuration) scripts based on your domain lists, and applies routing rules.

Data Access: Does not access webpage content or browsing history.

2. storage Permission

Purpose: To store extension configuration locally on your device.

Usage: Saves proxy settings, domain lists, and preferences using secure browser storage.

Data Access: Only accesses extension's own storage namespace, not accessible to other extensions or websites.

3. webRequest and webRequestAuthProvider Permissions

Purpose: Two distinct uses — proxy authentication and automatic blocked-domain detection.

Usage 1 — Proxy authentication: When a proxy server requests authentication, the extension automatically provides stored credentials, preventing repeated authentication dialogs.

Usage 2 — Blocked domain detection: When the proxy is enabled, the extension monitors network requests on pages whose main domain is already in the proxy list. If sub-resources (images, scripts, fonts, API calls) from other domains fail to load, the extension records those domain names and may automatically add them to the proxy list (see "Automatic Domain Detection" section below). Only the domain name part of failed request URLs is extracted and evaluated — full URLs, request headers, cookies, and response bodies are never read or stored.

Data Access: Only reads the hostname of blocked/failed network requests and intercepts proxy authentication challenges. Does not read, modify, or store request/response content.

4. tabs Permission

Purpose: To read the URL of the currently active tab.

Usage: Allows the extension popup to detect the current page domain for the "Quick Add" button, display the correct domain in the interface, and determine whether the current site is in the proxy list. Also used by the right-click context menu (see contextMenus below) to identify the domain of the page or link.

Data Access: Only reads tab URLs (domain names). Tab content, form data, and cookies are never accessed or stored.

5. scripting Permission

Purpose: To inject content scripts for domain detection functionality.

Usage: Injects a lightweight script into web pages that monitors for failed resource loads (images, scripts, stylesheets, iframes) to help identify domains that may need proxy routing.

Data Access: The injected script only detects failed resource URLs (domain names), does not access page content, user inputs, or any personal data.

6. webNavigation Permission

Purpose: To detect when a page has finished loading.

Usage: Listens for page navigation completion events on domains that are in the proxy list. This triggers automatic scanning for additional blocked sub-resources, helping users discover related domains that also need proxy routing (Stage 2 scan).

Data Access: Only receives the tab ID and URL when navigation completes. No page content, history, or user data is accessed.

7. contextMenus Permission

Purpose: To add right-click context menu options for quick domain management.

Usage: Adds two items to the browser right-click menu: "Add current page to proxy list" (available on any page) and "Add link domain to proxy list" (available when right-clicking a hyperlink). This lets users add domains without opening the extension popup.

Data Access: Only reads the URL of the page or link that was right-clicked. No other page data is accessed.

8. notifications Permission

Purpose: To display brief status notifications to the user.

Usage: Shows system notifications when domains are automatically added to the proxy list during background scanning, so the user is informed of changes made while the popup is closed.

Data Access: Notifications are one-way (extension → user). No data is collected from notifications.

9. alarms Permission

Purpose: To schedule periodic background tasks reliably within the Manifest V3 service worker lifecycle.

Usage: The extension uses two recurring alarms:

• Proxy state verification — runs every 1 minute to confirm that Chrome's proxy settings still match what X Swift configured (detects conflicts with other extensions or system changes)
• External domain list refresh — runs every 24 hours to re-fetch domain lists from user-configured external URLs (e.g., a GitHub raw file), ensuring the list stays up to date without requiring a manual reload

Data Access: Alarms only trigger internal logic. No user data is read, transmitted, or stored as a result of alarm events.

10. Host Permissions (<all_urls>)

Purpose: Required for three critical features:

• Content Script Injection: To detect blocked/failed resources on any website the user visits, helping identify domains that need proxy routing
• Proxy Authentication: To intercept proxy authentication requests from any domain routed through the proxy
• PAC Script Application: To evaluate all URLs for proxy routing decisions (technical requirement of PAC scripts)

What We DON'T Do:

• Read webpage content or HTML
• Access form data or user inputs
• Intercept or modify network traffic content
• Track browsing history or behavior
• Inject ads, scripts, or modify pages

Incognito Mode

X Swift operates in spanning incognito mode. This means:

• A single instance of the extension service worker is shared between normal and incognito browser windows.
• Proxy rules configured by the user will apply in incognito windows in the same way they apply in normal windows. If the proxy is enabled, incognito traffic to domains in the proxy list will be routed through the configured proxy server.
• The extension does not store any additional data as a result of incognito browsing. No history, visited URLs, or session data is recorded.
• Users who do not wish to use the proxy in incognito mode can disable the extension for incognito windows via chrome://extensions → X Swift → "Allow in Incognito".

Automatic Domain Detection Feature

X Swift includes an intelligent domain detection system that operates in two stages to help users route all necessary resources through the proxy without manual configuration.

Stage 1 — Content Script Monitoring (passive):

A lightweight content script runs on every page you visit. It listens for resource loading errors (failed images, scripts, stylesheets, iframes) and reports the failing domain names to the extension background service. This happens passively and only domain names are extracted — no page content, form data, or URLs beyond the hostname are accessed.

Stage 2 — Automatic Sub-Resource Scan (active, proxy-enabled only):

When the proxy is enabled and you navigate to a page whose main domain is already in your proxy list, the extension performs an active scan: it cross-references domains of failed network requests (detected via webRequest) with your proxy list. Domains that are not yet in the list and appear to be blocked are automatically added to your proxy list and the page is silently reloaded so those resources load correctly. A system notification is shown to inform you of any automatic additions made while the popup is closed.

This automatic behavior applies only to pages whose primary domain you have already explicitly added to the proxy list. It does not scan arbitrary websites you visit.

What Is NOT Accessed During Detection:

• Webpage text content or HTML structure
• Full request or response URLs beyond the domain name
• Form inputs or user-entered data
• Cookies, authentication tokens, or credentials
• Contents of successfully loaded resources

Detected domain names that are added to the proxy list are stored locally in your domain list (same storage as manually added domains). You can review, edit, or remove them at any time via the extension settings page.

Data We Do NOT Collect, Store, or Transmit

X Swift does not collect, sell, rent, transmit, share, or process the following types of data:

• Browsing history — Websites you visit or URLs you access
• Webpage contents — Text, HTML, images, or any page content
• Form data — Passwords, usernames, credit card information, or any form inputs
• Network traffic contents — The actual data transmitted through proxy connections
• Personal information — Name, email, address, phone number, or any identifiable information
• Cookies or authentication tokens — Website login sessions or credentials
• Analytics or telemetry — Usage statistics, feature usage, or behavioral data
• Tracking data — Cross-site tracking, fingerprinting, or advertising identifiers
• Device information — Device IDs, hardware specs, or operating system details
• Location data — GPS coordinates, IP addresses, or geolocation information
• Search queries — Search terms entered in search engines or websites

No data is uploaded to developer-controlled servers. The extension does not communicate with any backend servers, APIs, or cloud services operated by the developer.

Data Security and Encryption

Proxy Credential Protection

Proxy server credentials (tokens containing host, port, username, password) are encrypted before storage using:

• Algorithm: AES-GCM (256-bit)
• Key Derivation: Based on a secure encryption key
• Storage: Encrypted data stored in browser's secure storage API

Access Control

• Stored data is accessible only by the X Swift extension
• Other extensions cannot access X Swift's storage
• Websites cannot access extension storage
• Data is isolated per Chrome user profile

External Domain List Requests

X Swift allows users to load domain lists from external URLs (e.g., GitHub raw files, public text file URLs) that they manually configure.

When External Requests Occur:

• When a user manually adds an external domain source URL and clicks "Test" or "Add"
• When the extension starts up and restores its previous state
• Automatically every 24 hours — the extension re-fetches all user-configured external domain list URLs to keep the lists up to date (triggered by a background alarm)

What Is Sent in These Requests:

External requests are simple HTTP GET requests that do not include:

• Personal information or user identifiers
• Browsing history or cookies
• Device information or fingerprints
• Extension configuration or proxy credentials
• Any tracking parameters or analytics data

These requests fetch plain text domain lists (one domain per line) and are directed only to URLs that the user has explicitly configured. The developer has no control over or access to the servers at those URLs.

Third-Party Proxy Services

Important Disclosure: X Swift does not provide, operate, manage, control, or endorse any proxy servers.

User Responsibility:

When you configure a proxy server in X Swift:

• You are connecting to a third-party proxy service chosen by you
• Your network traffic will be routed through that proxy provider
• The proxy provider may see, log, or store your traffic data according to their own privacy policy
• X Swift does not control, access, or have visibility into proxy provider's data handling practices

Proxy Provider Data Handling:

Third-party proxy services may:

• Collect IP addresses, browsing data, and traffic metadata
• Log connection times and bandwidth usage
• Store or analyze network traffic contents
• Share data with third parties or law enforcement
• Be subject to different jurisdictions and privacy laws

Users are solely responsible for:

• Selecting trustworthy and reputable proxy providers
• Reviewing proxy providers' privacy policies and terms of service
• Understanding applicable laws and regulations
• Ensuring compliance with their own organizational or legal requirements

X Swift's Role:

X Swift acts only as a configuration tool to route browser traffic through user-specified proxies. The extension itself:

• Does not read, inspect, modify, or log traffic contents
• Does not store traffic data or connection logs
• Does not share user data with proxy providers (beyond standard proxy protocol requirements)
• Does not receive data from proxy providers

User Rights and Data Control

Right to Access

You can view all data stored by the extension at any time through:

• Extension settings page (for domain lists and configuration)
• Browser developer tools: chrome://extensions → X Swift → "Inspect views: service worker" → Console → Application → Storage

Right to Deletion

You can delete extension data at any time by:

• Partial deletion: Clear specific domain lists or proxy configuration in extension settings
• Complete deletion: Uninstall the extension to remove all stored data
• Manual deletion: Use browser's "Clear extension data" feature in chrome://extensions

Right to Portability

You can export your domain lists by:

• Opening the extension settings page
• Copying domain list content from the text area
• Saving to a local file for backup or transfer

Right to Modification

You can modify or update any stored data at any time through the extension interface.

Data Retention

• Duration: Data is retained indefinitely until you delete it or uninstall the extension
• Automatic deletion: All extension data is automatically deleted when you uninstall X Swift
• Browser sync: If Chrome Sync is enabled, extension settings may be synced across your devices (controlled by Chrome, not X Swift)
• No remote storage: No data is stored on developer servers, so there are no remote backups to delete

Support and Voluntary Communication

If you contact support via email or GitHub:

• Information you voluntarily provide (e.g., bug descriptions, screenshots) is used solely to respond to your inquiry
• No personal information is required; you may use anonymous accounts
• Support communications are not shared with third parties
• Information is retained only as long as necessary to resolve your issue
• You may request deletion of support communications at any time

Children's Privacy

X Swift is not intended for use by children under the age of 13 (or the applicable age of digital consent in your jurisdiction) and does not knowingly collect data from children.

The extension requires understanding of proxy configuration and network concepts, making it unsuitable for children.

If you believe a child has used the extension, please contact us at the email below, and we will provide guidance on data removal (though no data is collected by us).

Legal Basis for Data Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, or other jurisdictions with similar data protection laws:

Legal Basis:

• Consent: By installing and using X Swift, you explicitly consent to local data storage as described in this policy
• Legitimate Interest: Processing is necessary for the extension to provide core functionality (proxy routing)
• Contractual Necessity: Data processing is necessary to deliver the service you requested by installing the extension

Your GDPR Rights:

• Right to access: View all stored data
• Right to rectification: Correct inaccurate data
• Right to erasure: Delete all data by uninstalling
• Right to restrict processing: Disable the extension
• Right to data portability: Export domain lists
• Right to object: Stop using the extension
• Right to withdraw consent: Uninstall at any time

To exercise these rights, simply use the extension's built-in controls or uninstall it. For questions, contact: mixaa1998@gmail.com

International Data Transfers

X Swift stores all data locally on your device, so no international data transfers occur as a result of using the extension itself.

However, if you configure a proxy server located in another country, your network traffic will be routed through that location according to standard proxy protocols. This is controlled by you and the proxy provider, not by X Swift.

Changes to This Privacy Policy

This Privacy Policy may be updated periodically to reflect:

• Changes in extension functionality
• Changes in legal requirements
• Improvements in privacy practices
• Clarifications based on user feedback

Notification of Changes:

• Material changes will be announced in extension update notes
• The "Last Updated" date at the top of this policy will be updated
• Continued use of the extension after changes constitutes acceptance of the updated policy

Previous versions of this policy are available upon request.

Contact Information

For questions, concerns, or requests regarding this Privacy Policy or data handling practices:

Email: mixaa1998@gmail.com
Response Time: We aim to respond within 5 business days

Compliance and Certifications

• GDPR Compliant: For European Economic Area users
• CCPA Aware: For California residents (no personal information sold)
• Chrome Web Store Policy: Compliant with Google's Developer Program Policies

Transparency Commitment

X Swift is committed to transparency:

• Source code can be reviewed by examining the extension files
• No obfuscated or minified code (except third-party libraries like crypto APIs)
• Clear documentation of all permissions and their purposes
• Open communication with users via support channels

Consent

By installing, enabling, or using X Swift, you acknowledge that you have read, understood, and agree to this Privacy Policy.

If you do not agree with any part of this policy, please do not install or use the extension.

You may withdraw consent at any time by uninstalling the extension, which will delete all locally stored data.

Note for Proxy Users: This policy covers only the X Swift extension itself. When using proxy services, you are subject to the proxy provider's privacy policy and terms of service. Always review and understand the policies of any proxy service you use.