Browser Extension Privacy Policy
Last Updated: January 2026
This policy describes the data practices specific to the DataScoop Insights browser extension for Google Chrome. This policy supplements our main Privacy Policy.
1. Data We Collect
The DataScoop Insights extension collects and processes the following information:
| Data Type | Description | Purpose |
|---|---|---|
| Application Numbers | Application identifiers you enter manually or that are read from the DataScoop LOS interface | To retrieve and display risk assessments |
| Authentication Credentials | OAuth tokens obtained when you sign in with your DataScoop account | To authenticate API requests on your behalf |
| User Profile Information | Email address and basic profile from your DataScoop account | To identify your session and permissions |
2. Data We Do NOT Collect
The DataScoop Insights extension does not collect, store, or transmit:
- Browsing history or activity on other websites
- Personal files or documents on your computer
- Keystrokes or form data outside of the extension interface
- Data from websites other than los.datascoop.ai
- Analytics, telemetry, or usage tracking data
3. How We Use Your Data
- Application Numbers are sent to our secure API to retrieve risk assessment data, which is then displayed in the extension's side panel.
- Authentication Tokens are used solely to verify your identity and authorize access to risk assessment data.
- Profile Information is used only to establish your authenticated session.
4. Data Storage
| Data | Storage Location | Retention |
|---|---|---|
| Authentication tokens | Browser session storage | Automatically deleted when you close your browser |
| Application numbers | Memory only (not persisted) | Cleared when you close the extension |
We do not store any data on your device permanently. All session data is automatically cleared when your browser is closed.
5. Browser Permissions
The extension requests the following permissions:
| Permission | Why It's Needed |
|---|---|
| identity | To authenticate you with your DataScoop account using secure OAuth 2.0 |
| storage | To temporarily store authentication tokens in session storage |
| scripting | To extract the application number from the DataScoop LOS interface |
| sidePanel | To display the risk assessment interface in a side panel |
6. Third-Party Services
The extension uses AWS Cognito for authentication. When you sign in, you are authenticating directly with AWS Cognito, which is subject to the AWS Privacy Policy. We receive only the authentication tokens and basic profile information necessary to verify your identity.
7. Your Rights and Controls
You can:
- Close your browser to automatically delete all session data
- Uninstall the extension to remove it completely from your browser
- Request data deletion by contacting us
8. Data Security
- All authentication uses OAuth 2.0 with PKCE (Proof Key for Code Exchange) for enhanced security
- Tokens are stored only in browser session storage, never in persistent local storage
- All network communication is encrypted with TLS
- The extension does not store, log, or cache risk assessment data
9. Children's Privacy
The DataScoop Insights extension is intended for business use by authorized professionals. It is not intended for use by children under the age of 18.
10. Changes to This Policy
We may update this privacy policy to reflect changes to the extension. We will notify users of significant changes by updating the "Last Updated" date above. Your continued use of the extension after any changes constitutes your acceptance of the new policy.
11. Contact Us
If you have questions about this privacy policy or the extension's data practices, please contact us.