Security
How we keep your data safe — by never collecting it in the first place.
Architecture: Local by Design
Every SuperchargeBrowser extension runs 100% on your device. There are no backend servers, no cloud syncing, and no analytics endpoints. Your browsing data never leaves your machine.
- No remote servers: Our extensions make zero outbound network requests during normal operation. You can verify this yourself using Chrome DevTools (Network tab).
- No telemetry: We do not collect usage analytics, crash reports, or behavioral data from the extensions.
- No cloud sync: All settings and data are stored locally in your browser's chrome.storage.local.
Chrome Manifest V3
All SuperchargeBrowser extensions are built on Chrome's Manifest V3 platform, which provides stronger security guarantees than the legacy MV2 architecture:
- Service workers replace persistent background pages — no long-running processes with broad access.
- declarativeNetRequest replaces the webRequest API for content blocking — the browser applies rules directly without the extension intercepting your traffic.
- Content Security Policy prevents inline script execution and restricts resource loading.
- Host permissions are declared upfront and reviewable before installation.
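The properties listed above can be checked against any extension's manifest.json before installing it. The following is an added example, not SuperchargeBrowser's own code; the function name auditManifest and both sample manifests are constructed for illustration.

```javascript
// Added example: audit a parsed manifest.json against the MV3 properties above.
// auditManifest and both sample manifests are constructed for illustration.
const BROAD_HOSTS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

function auditManifest(m) {
  const findings = [];
  if (m.manifest_version !== 3) findings.push("not Manifest V3");

  // MV3 background logic must be a service worker, not a persistent page.
  const bg = m.background || {};
  if (bg.scripts || bg.page || bg.persistent) findings.push("legacy background page");

  // webRequest lets the extension observe traffic; declarativeNetRequest does not.
  const perms = m.permissions || [];
  for (const p of perms) {
    if (p === "webRequest" || p === "webRequestBlocking") findings.push(`permission: ${p}`);
  }
  // Host patterns matching every site deserve a second look before install.
  // MV2 manifests list host patterns inside "permissions", so check both arrays.
  for (const h of [...(m.host_permissions || []), ...perms]) {
    if (BROAD_HOSTS.has(h)) findings.push(`broad host access: ${h}`);
  }
  // In MV3 the CSP is an object; in MV2 it was a single string.
  const csp = m.content_security_policy;
  const pages = typeof csp === "string" ? csp : (csp && csp.extension_pages) || "";
  for (const token of ["'unsafe-inline'", "'unsafe-eval'"]) {
    if (pages.includes(token)) findings.push(`CSP allows ${token}`);
  }
  return findings;
}

// Constructed sample: a narrowly scoped MV3 content blocker.
const tightManifest = {
  manifest_version: 3,
  background: { service_worker: "sw.js" },
  permissions: ["storage", "declarativeNetRequest"],
  host_permissions: ["https://example.com/*"],
  content_security_policy: { extension_pages: "script-src 'self'; object-src 'self'" },
};
// Constructed sample: an MV2-style manifest with traffic interception.
const legacyManifest = {
  manifest_version: 2,
  background: { scripts: ["bg.js"], persistent: true },
  permissions: ["webRequest", "webRequestBlocking", "<all_urls>"],
  content_security_policy: "script-src 'self' 'unsafe-eval'; object-src 'self'",
};
console.log(auditManifest(tightManifest), auditManifest(legacyManifest));
```

An empty result means the manifest matches the properties listed; it says nothing about what the extension's code does at runtime, which is what the DevTools Network tab check covers.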
Supply Chain Security
- Secret scanning: Every commit is scanned with gitleaks to prevent accidental credential exposure.
- Dependency auditing: We monitor dependencies for known vulnerabilities and keep them up to date.
- Automated testing: Hundreds of unit tests (Vitest) and end-to-end tests (Playwright) run on every change to catch regressions.
- Chrome Web Store review: Every update is reviewed by Google before being published to users.
Permissions We Request
We request only the permissions necessary for each extension's features. For a detailed breakdown of every permission and why it is needed, see our Privacy Policy.
Reporting a Vulnerability
If you discover a security issue in any SuperchargeBrowser extension, please report it responsibly:
- Email: support@superchargebrowser.com
- Subject line: Security Report — [Extension Name]
We take every report seriously and will respond within 48 hours. Please do not publicly disclose the issue until we have had a chance to investigate and address it.
Related
- Privacy Policy — what data we collect (and don't)
- Open Source — the technologies we build on