Auth Bridge Extension Privacy Policy

Last Updated: January 2026

Overview

The Auth Bridge Chrome Extension is a privacy-first tool designed to help you securely manage authentication across web applications. This privacy policy explains how the Extension handles your data and respects your privacy.

Auth Bridge processes all data locally on your device. We do not collect, store, or transmit your authentication data to our servers unless you explicitly authorize it.

What Auth Bridge Does

Auth Bridge securely automates authentication across platforms by monitoring and extracting authentication data (cookies and tokens) from your browser during login processes. All operations happen locally on your device.

Data Collection and Storage

Auth Bridge only collects credentials when you explicitly request them. Data is held temporarily in memory during the authentication process and is never stored on your device.

On-Demand Data Access

The Extension only accesses cookies and local storage when you explicitly ask it to retrieve credentials. Outside of these moments, no data is collected or monitored.

Temporary In-Memory Storage

When you authorize credential retrieval:

  • Data is held only in memory during the active authentication flow
  • Once the flow completes, all in-memory data is cleared
  • The Extension never stores credentials persistently on your device
  • Data is only transmitted when you explicitly authorize it

Secure Transmission

When credentials are transmitted to User Manager, they are encrypted with HTTPS/TLS and stored securely in our backend database.

What Data Does the Extension Access?

Only when explicitly needed for authentication:

  • Cookies:Authentication tokens and session cookies from external platforms
  • Local Storage:JWT tokens and authentication data stored by websites
  • URLs:Redirect URLs to detect login completion and extract data

Extension Permissions Explained

Chrome requires extensions to declare their permissions. Here's what Auth Bridge needs and why:

cookies (Required)

Read and monitor authentication cookies to detect login completion. Read-only access—never modified.

tabs (Required)

Manage tabs during authentication and detect login completion via URL changes.

scripting (Optional)

Extract authentication data from local storage when necessary. Requested on-demand during authentication.

<all_urls> (Optional)

Access cookies on external platforms (Slack, Hex, Dagster, etc.). Only requested when you authenticate with these services.

How We Protect Your Data

  • Local Processing: All data is processed on your device. Never transmitted without your authorization.
  • Encryption in Transit: Data transmitted to User Manager is encrypted with HTTPS/TLS.
  • Secure Backend Storage: Credentials are encrypted and stored securely in the User Manager database.
  • In-Memory Only: The Extension does not persistently store credentials in your browser.
  • Minimal Permissions: Only essential permissions are requested, following the principle of least privilege.

When Data is Shared

Auth Bridge is designed to share data with the User Manager application when needed:

User Manager Backend

When you complete authentication, the Extension transmits credentials to the User Manager backend. This is necessary for:

  • Storing your authentication tokens securely
  • Syncing users across connected platforms
  • Managing your access to external services

No Third-Party Sharing

The Extension does not share data with third parties, advertisers, or analytics services. We do not sell or trade your data.

External Platforms

The Extension interacts with external platforms (Slack, Hex, Dagster, etc.) only to read cookies and local storage necessary for authentication. The Extension itself does not send data to these platforms.

What We Don't Collect

  • No usage tracking: We don't track which websites you visit or which logins you authenticate.
  • No analytics: No usage analytics or diagnostic data is collected.
  • No personal information: We don't collect names, emails, or other data beyond what you provide to User Manager.
  • No telemetry: No crash reports or diagnostic data sent without your consent.
  • No passwords: Only existing session tokens and cookies are used—passwords are never stored.

Your Rights and Control

You have full control over the Extension:

Disable or Uninstall

You can disable or uninstall the Extension at any time from your Chrome Extensions page. This will stop all data collection and access immediately.

Revoke Authorization

You can revoke the Extension's permissions for specific sites in your Chrome settings.

Delete Stored Credentials

You can delete any credentials stored in User Manager at any time through the User Manager application settings.

Clear Browser Data

Clearing your browser cookies and local storage will remove the data the Extension can access from websites.

Privacy Best Practices

To protect your privacy when using Auth Bridge:

  1. 1.

    Keep your browser updated - Ensure Chrome and all extensions are up to date with the latest security patches.

  2. 2.

    Review Extension permissions - Periodically check what sites the Extension has access to and revoke access from unnecessary sites.

  3. 3.

    Use HTTPS sites - Only authenticate on secure HTTPS websites to ensure your data is encrypted.

  4. 4.

    Log out when finished - Log out from external platforms when you're done using them to minimize exposed session data.

  5. 5.

    Enable two-factor authentication - Use 2FA on platforms you connect through User Manager for additional security.

Technical Details for Advanced Users

How Auth Bridge Works

Auth Bridge is built as a Chrome Extension (Manifest V3) with three main components:

  • Background Service Worker: Monitors cookies and tab changes to detect authentication
  • Content Script: Monitors local storage changes and bridges messages between the Extension and web pages
  • Popup UI: Allows you to view and manage Extension data

URL Predicates (Advanced)

Auth Bridge can extract authentication data from redirect URLs instead of relying solely on local storage access. This reduces the amount of data the Extension needs to access from your browser.

In-Memory Processing

All sensitive data (cookies, tokens) is held only in memory during active operations. Once an authentication flow completes, in-memory data is cleared.

Changes to This Policy

We may update this privacy policy to reflect changes in our practices or technology. If we make material changes that affect your privacy, we will notify you by updating the "Last Updated" date above. Your continued use of the Extension after such modifications constitutes your acceptance of the updated policy.

Questions About This Policy

If you have questions, concerns, or requests regarding this privacy policy or Auth Bridge's data practices, please contact us:

Email: antonio@plicca.com

Website: https://plicca.com

Privacy Summary

  • Data is processed locally on your device by default
  • No automatic data transmission without your authorization
  • Encrypted transmission to User Manager when data is shared
  • No analytics, telemetry, or usage tracking
  • Open source code for full transparency
  • Full control—uninstall or disable at any time