Privacy Policy - Vault Search Pro

Last Updated: November 7, 2025
Effective Date: November 7, 2025
Version: 2.3.0

✅Privacy-First Promise

Vault Search Pro does NOT collect, store, or transmit any personal data to external servers. All your data stays in your browser and communicates only with your own Vault server.

1. Introduction

This Privacy Policy describes how Vault Search Pro ("we", "our", or "the extension") handles user data. We are committed to protecting your privacy and being transparent about our data practices.

2. Data Collection

                What We DO NOT Collect
                No personal information - We don't collect names, emails, or identities
No analytics or tracking - No usage statistics, telemetry, or behavior tracking
No search history - Search terms are not logged or stored permanently
No Vault secrets - Secret values are displayed only temporarily in memory
No third-party data sharing - Zero external services or APIs are contacted

            

What Data Stays in Your Browser

The extension stores the following data locally in your browser only using Chrome's storage API:

🌐 Vault URL

The URL of your Vault server (e.g., https://vault.company.com)

📁 Namespace

Optional Vault namespace for enterprise configurations

🔑 Auth Method

Your chosen authentication type (Token/UserPass/LDAP)

👤 Username

Only if you enable "Remember Me" for UserPass or LDAP

🎫 Session Token

Temporary Vault token stored in session memory only

⚙️ Preferences

UI settings like "Remember Me" checkbox state

🔒Important Security Note

Passwords are NEVER stored - even when "Remember Me" is enabled. Only usernames and non-sensitive configuration data are persisted. Vault tokens are stored only in session memory and cleared when you log out.

3. Data Usage

How We Use Your Data

Data stored locally in your browser is used exclusively for:

Authentication - Connecting to your Vault server
Session persistence - Keeping you logged in across browser restarts (if enabled)
Search functionality - Temporarily holding search results in memory
User preferences - Remembering your chosen settings

Data Transmission

The extension communicates only with:

Your configured Vault server - Direct API calls to authenticate and search secrets
No other destinations - Zero external services, analytics platforms, or third-party APIs

4. Chrome Permissions Explained

The extension requests the following Chrome permissions. Here's exactly why each is needed:

📦 storage

Save your Vault URL, namespace, and preferences locally so you don't have to re-enter them

📋 clipboardRead

Paste Vault URLs and tokens from clipboard into input fields

📋 clipboardWrite

Copy secret paths and values to clipboard with one click

🔔 notifications

Show non-intrusive alerts for auth success, errors, or search completion

📑 contextMenus

Add right-click menu options for quick search access

🌐 host_permissions

Connect to your Vault server (which can be on any domain/localhost)

5. Third-Party Services

🚫Zero Third-Party Services

This extension does NOT use:

❌ Google Analytics or any analytics platform
❌ Error tracking services (Sentry, Bugsnag, etc.)
❌ Advertising networks
❌ Social media integrations
❌ CDNs or external JavaScript libraries
❌ Remote code execution

6. Data Security

How We Protect Your Data

Local-only storage - All data stays in your browser's secure storage
No external transmission - Data never leaves your machine except to your Vault
HTTPS recommended - Use HTTPS connections to your Vault server
Session-based tokens - Tokens cleared on logout or browser close
Content Security Policy - Prevents malicious code injection
No password persistence - Passwords never stored on disk

7. Data Retention

How Long Data is Kept

Settings & URL: Stored until you manually clear them or uninstall the extension
Session tokens: Cleared when you log out or close browser
Search results: Held in memory only during active session, cleared on popup close
Passwords: Never stored, entered only in session memory

How to Delete Your Data

You can delete all stored data at any time by:

Opening the extension popup
Going to the Settings tab
Clicking "Clear Settings" or "Logout"
OR uninstalling the extension (removes all data immediately)

8. Children's Privacy

This extension is not directed to children under 13 years of age. We do not knowingly collect any information from children. The extension is designed for IT professionals and developers working with HashiCorp Vault.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be reflected by updating the "Last Updated" date at the top of this page. Significant changes will be announced in the extension's Chrome Web Store listing.

10. Compliance

Chrome Web Store Policies

This extension complies with:

✅ Chrome Web Store Developer Program Policies
✅ Google API Services User Data Policy
✅ Limited Use requirements (no data collection)

Data Protection Regulations

Because we don't collect personal data, GDPR and CCPA requirements are minimal. However, we respect user privacy rights:

Right to access - All your data is visible in Chrome's extension storage
Right to deletion - Clear settings or uninstall anytime
Right to portability - Data is stored locally in your control

11. Contact Information

If you have questions about this Privacy Policy or the extension's data practices:

GitHub Issues: github.com/sachdev27/vault-search-pro/issues
Developer: Sandesh Sachdev
GitHub: @sachdev27

12. Open Source

This extension is open source! You can review the complete source code, verify our privacy claims, and contribute at:

GitHub Repository: github.com/sachdev27/vault-search-pro

🎯Summary

Your privacy is our priority. Vault Search Pro is designed with a privacy-first approach:

✅ No data collection or tracking
✅ Everything stays in your browser
✅ Direct communication with your Vault only
✅ Open source and verifiable
✅ Complete user control over data

← Back to Home

🔐 Privacy Policy