Privacy Policy for X Swift Extension

Overview

X Swift is a browser extension that allows users to route browser network traffic for selected domains through proxy servers configured by the user. This Privacy Policy explains in detail how data is handled, processed, stored, and protected.

Scope of This Policy

This policy applies exclusively to the X Swift browser extension and does not apply to third-party proxy services, external domain list sources, or websites accessed through the extension.

Data We Store Locally

X Swift stores the following data locally on your device only using the browser's secure storage API (chrome.storage.local):

1. Proxy Configuration Data

• Encrypted proxy tokens — User-provided tokens containing proxy server credentials, encrypted using AES-GCM encryption before storage
• Proxy server details — Host, port, username, and password (stored in encrypted form)
• Proxy mode settings — User preference for "Selective Mode" (specific domains only) or "All Traffic Mode"

2. Domain Management Data

• Custom domain lists — Domains manually added by the user for proxy routing
• External source URLs — URLs to external domain lists (e.g., GitHub raw files) added by the user
• Domain source settings — Enable/disable status for each domain source
• Domain count metadata — Number of domains loaded from each source (for display purposes only)

3. Extension Preferences

• Proxy enabled/disabled state — Whether proxy is currently active
• Last known proxy state — For restoring settings after browser restart
• Source toggle states — Which domain sources are active

4. Temporary Session Data

• Detected failed domains — Domains that failed to load on the current page (stored only during browsing session, not persisted)
• Current tab information — URL and domain of active tab (used only for "Quick Add" feature, not stored)

Important: All stored data remains on your device and is never transmitted to servers controlled by the developer. Data is accessible only by the extension itself.

How We Use Permissions

X Swift requests the following permissions, which are strictly necessary for core functionality:

1. proxy Permission

Purpose: To configure and manage browser proxy settings.

Usage: Enables/disables proxy, generates PAC (Proxy Auto-Configuration) scripts based on your domain lists, and applies routing rules.

Data Access: Does not access webpage content or browsing history.

2. storage Permission

Purpose: To store extension configuration locally on your device.

Usage: Saves proxy settings, domain lists, and preferences using secure browser storage.

Data Access: Only accesses extension's own storage namespace, not accessible to other extensions or websites.

3. webRequest and webRequestAuthProvider Permissions

Purpose: To provide automatic proxy authentication without user interruption.

Usage: When a proxy server requests authentication, the extension automatically provides stored credentials, preventing repeated authentication dialogs.

Data Access: Only intercepts proxy authentication challenges, does not read, modify, or store the content of web requests or responses.

4. activeTab Permission

Purpose: To read the URL of the currently active tab for the "Quick Add" feature.

Usage: Allows users to quickly add the current page's domain to their proxy list by clicking the "Quick Add" button in the extension popup.

Data Access: Only accesses the tab's URL (domain name), not page content, form data, or cookies. Access is temporary and not stored.

5. scripting Permission

Purpose: To inject content scripts for domain detection functionality.

Usage: Used as a fallback mechanism if the content script hasn't loaded yet when the user opens the popup.

Data Access: Injects code only for detecting failed resource loads (images, scripts, stylesheets), does not access page content or user data.

6. Host Permissions (<all_urls>)

Purpose: Required for three critical features:

• Content Script Injection: To detect blocked/failed resources on any website the user visits, helping identify domains that need proxy routing
• Proxy Authentication: To intercept proxy authentication requests from any domain routed through the proxy
• PAC Script Application: To evaluate all URLs for proxy routing decisions (technical requirement of PAC scripts)

What We DON'T Do:

• Read webpage content or HTML
• Access form data or user inputs
• Intercept or modify network traffic content
• Track browsing history or behavior
• Inject ads, scripts, or modify pages

Automatic Domain Detection Feature

X Swift includes a content script that monitors resource loading on web pages to help users identify domains that may be blocked and require proxy routing.

How It Works:

• Listens for resource loading errors (failed images, scripts, stylesheets, iframes)
• Extracts domain names from failed resource URLs
• Displays detected domains in the extension popup
• Allows users to quickly add these domains to their proxy list

What Is NOT Accessed:

• Webpage text content or HTML structure
• Form inputs or user-entered data
• Cookies, authentication tokens, or credentials
• Successfully loaded resource contents
• Any data from successfully loading resources

Detected domain information is temporary and not persisted after the browser tab is closed.

Data We Do NOT Collect, Store, or Transmit

X Swift does not collect, sell, rent, transmit, share, or process the following types of data:

• Browsing history — Websites you visit or URLs you access
• Webpage contents — Text, HTML, images, or any page content
• Form data — Passwords, usernames, credit card information, or any form inputs
• Network traffic contents — The actual data transmitted through proxy connections
• Personal information — Name, email, address, phone number, or any identifiable information
• Cookies or authentication tokens — Website login sessions or credentials
• Analytics or telemetry — Usage statistics, feature usage, or behavioral data
• Tracking data — Cross-site tracking, fingerprinting, or advertising identifiers
• Device information — Device IDs, hardware specs, or operating system details
• Location data — GPS coordinates, IP addresses, or geolocation information
• Search queries — Search terms entered in search engines or websites

No data is uploaded to developer-controlled servers. The extension does not communicate with any backend servers, APIs, or cloud services operated by the developer.

Data Security and Encryption

Proxy Credential Protection

Proxy server credentials (tokens containing host, port, username, password) are encrypted before storage using:

• Algorithm: AES-GCM (256-bit)
• Key Derivation: Based on a secure encryption key
• Storage: Encrypted data stored in browser's secure storage API

Access Control

• Stored data is accessible only by the X Swift extension
• Other extensions cannot access X Swift's storage
• Websites cannot access extension storage
• Data is isolated per Chrome user profile

External Domain List Requests

X Swift allows users to load domain lists from external URLs (e.g., GitHub raw files, public text file URLs) that they manually configure.

When External Requests Occur:

• Only when a user manually adds an external domain source URL
• When the user clicks "Test" or "Add" for an external source
• When the extension updates domain lists (user-initiated only)

What Is Sent in These Requests:

External requests are simple HTTP GET requests that do not include:

• Personal information or user identifiers
• Browsing history or cookies
• Device information or fingerprints
• Extension configuration or proxy credentials
• Any tracking parameters or analytics data

These requests fetch plain text domain lists (one domain per line) and are controlled entirely by the user.

Third-Party Proxy Services

Important Disclosure: X Swift does not provide, operate, manage, control, or endorse any proxy servers.

User Responsibility:

When you configure a proxy server in X Swift:

• You are connecting to a third-party proxy service chosen by you
• Your network traffic will be routed through that proxy provider
• The proxy provider may see, log, or store your traffic data according to their own privacy policy
• X Swift does not control, access, or have visibility into proxy provider's data handling practices

Proxy Provider Data Handling:

Third-party proxy services may:

• Collect IP addresses, browsing data, and traffic metadata
• Log connection times and bandwidth usage
• Store or analyze network traffic contents
• Share data with third parties or law enforcement
• Be subject to different jurisdictions and privacy laws

Users are solely responsible for:

• Selecting trustworthy and reputable proxy providers
• Reviewing proxy providers' privacy policies and terms of service
• Understanding applicable laws and regulations
• Ensuring compliance with their own organizational or legal requirements

X Swift's Role:

X Swift acts only as a configuration tool to route browser traffic through user-specified proxies. The extension itself:

• Does not read, inspect, modify, or log traffic contents
• Does not store traffic data or connection logs
• Does not share user data with proxy providers (beyond standard proxy protocol requirements)
• Does not receive data from proxy providers

User Rights and Data Control

Right to Access

You can view all data stored by the extension at any time through:

• Extension settings page (for domain lists and configuration)
• Browser developer tools: chrome://extensions → X Swift → "Inspect views: service worker" → Console → Application → Storage

Right to Deletion

You can delete extension data at any time by:

• Partial deletion: Clear specific domain lists or proxy configuration in extension settings
• Complete deletion: Uninstall the extension to remove all stored data
• Manual deletion: Use browser's "Clear extension data" feature in chrome://extensions

Right to Portability

You can export your domain lists by:

• Opening the extension settings page
• Copying domain list content from the text area
• Saving to a local file for backup or transfer

Right to Modification

You can modify or update any stored data at any time through the extension interface.

Data Retention

• Duration: Data is retained indefinitely until you delete it or uninstall the extension
• Automatic deletion: All extension data is automatically deleted when you uninstall X Swift
• Browser sync: If Chrome Sync is enabled, extension settings may be synced across your devices (controlled by Chrome, not X Swift)
• No remote storage: No data is stored on developer servers, so there are no remote backups to delete

Support and Voluntary Communication

If you contact support via email or GitHub:

• Information you voluntarily provide (e.g., bug descriptions, screenshots) is used solely to respond to your inquiry
• No personal information is required; you may use anonymous accounts
• Support communications are not shared with third parties
• Information is retained only as long as necessary to resolve your issue
• You may request deletion of support communications at any time

Children's Privacy

X Swift is not intended for use by children under the age of 13 (or the applicable age of digital consent in your jurisdiction) and does not knowingly collect data from children.

The extension requires understanding of proxy configuration and network concepts, making it unsuitable for children.

If you believe a child has used the extension, please contact us at the email below, and we will provide guidance on data removal (though no data is collected by us).

Legal Basis for Data Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, or other jurisdictions with similar data protection laws:

Legal Basis:

• Consent: By installing and using X Swift, you explicitly consent to local data storage as described in this policy
• Legitimate Interest: Processing is necessary for the extension to provide core functionality (proxy routing)
• Contractual Necessity: Data processing is necessary to deliver the service you requested by installing the extension

Your GDPR Rights:

• Right to access: View all stored data
• Right to rectification: Correct inaccurate data
• Right to erasure: Delete all data by uninstalling
• Right to restrict processing: Disable the extension
• Right to data portability: Export domain lists
• Right to object: Stop using the extension
• Right to withdraw consent: Uninstall at any time

To exercise these rights, simply use the extension's built-in controls or uninstall it. For questions, contact: mixaa1998@gmail.com

International Data Transfers

X Swift stores all data locally on your device, so no international data transfers occur as a result of using the extension itself.

However, if you configure a proxy server located in another country, your network traffic will be routed through that location according to standard proxy protocols. This is controlled by you and the proxy provider, not by X Swift.

Changes to This Privacy Policy

This Privacy Policy may be updated periodically to reflect:

• Changes in extension functionality
• Changes in legal requirements
• Improvements in privacy practices
• Clarifications based on user feedback

Notification of Changes:

• Material changes will be announced in extension update notes
• The "Last Updated" date at the top of this policy will be updated
• Continued use of the extension after changes constitutes acceptance of the updated policy

Previous versions of this policy are available upon request.

Contact Information

For questions, concerns, or requests regarding this Privacy Policy or data handling practices:

Email: mixaa1998@gmail.com
GitHub: [Your GitHub repository URL if available]
Response Time: We aim to respond within 5 business days

Compliance and Certifications

• GDPR Compliant: For European Economic Area users
• CCPA Aware: For California residents (no personal information sold)
• Chrome Web Store Policy: Compliant with Google's Developer Program Policies

Transparency Commitment

X Swift is committed to transparency:

• Source code can be reviewed by examining the extension files
• No obfuscated or minified code (except third-party libraries like crypto APIs)
• Clear documentation of all permissions and their purposes
• Open communication with users via support channels

Consent

By installing, enabling, or using X Swift, you acknowledge that you have read, understood, and agree to this Privacy Policy.

If you do not agree with any part of this policy, please do not install or use the extension.

You may withdraw consent at any time by uninstalling the extension, which will delete all locally stored data.

Note for Proxy Users: This policy covers only the X Swift extension itself. When using proxy services, you are subject to the proxy provider's privacy policy and terms of service. Always review and understand the policies of any proxy service you use.