Data Protection
Our commitment
AssetPullKit is designed from the ground up to collect as little data as possible. The extension collects zero data. This page explains exactly why that is possible and what it means for you.
Data protection is not an afterthought for us. It is a fundamental design principle. The best way to protect your data is to never collect it in the first place.
Local processing
Every capability in AssetPullKit, including CSS inspection, image extraction, SVG detection, color palette analysis, font grouping, and Lottie animation detection, runs entirely within your Chrome browser using standard web extension APIs.
This architecture means:
- No page content ever leaves your machine.
- There is no AssetPullKit backend server that receives, stores, or processes your browsing activity.
- The extension works without an internet connection once installed.
- Uninstalling the extension immediately and completely removes it from your system.
Extension permissions
The extension requests only the permissions it actually needs:
- activeTab: allows the extension to access the current tab when you click the icon. It cannot access other tabs or browse your history.
- scripting: allows the extension to inject a content script into the active tab to perform DOM scanning. This script runs locally and does not transmit data.
- downloads: allows the extension to save files (images, SVGs, JSON) to your local device when you choose to download them.
- clipboardWrite: allows the extension to copy text (CSS, URLs, color values) to your clipboard when you click copy buttons.
The extension does not request tabs, history, cookies, storage, or any other permission that would enable it to observe your broader browsing activity.
Website data
This marketing website uses Google Analytics 4 and Vercel Analytics to collect anonymous aggregate data about visitor numbers and page performance. This is entirely separate from the extension and is used only to understand how many people visit assetpullkit.com.
We do not use tracking pixels, third-party advertising networks, or any other data collection mechanisms beyond those stated in our Privacy Policy.
Data storage
The extension uses Chrome's local extension storage only if necessary to persist user preferences (such as the last-active tab). Any such preferences are stored exclusively on your local device and are never synced to any external server by us.
Scan results are held in memory only for the duration of your session. Closing the extension or navigating away discards all scan data.
Security
Because the extension operates entirely locally, the conventional risks of server-side data breaches do not apply. There is no database of user data for attackers to target.
The extension source code is reviewed prior to each Chrome Web Store submission. We follow Manifest V3 best practices to minimise the extension's attack surface.
GDPR and regional data protection law
Because the AssetPullKit extension collects no personal data, the GDPR, CCPA, and equivalent regional laws do not impose data subject rights obligations on us with respect to extension usage. There is simply no data to provide, correct, or delete.
For data collected through this website (analytics), we act as a data controller. You may exercise your rights under applicable law by contacting us at info@assetpullkit.com. See our Privacy Policy for more details.