PhishHook Privacy Policy

Overview

PhishHook is a Chrome extension that classifies social media posts on Instagram, Facebook, Twitter/X, and Reddit as safe, suspicious, or scam using on-device machine learning.

Data collected

PhishHook does not collect, transmit, or store any personal data. All post text, account metadata, and ML inference results are processed locally within your browser and are never sent to any external server or third party.

Local storage

The extension uses chrome.storage.local solely to cache loaded ML model weights between sessions. No post content, analysis results, or account data are stored persistently.

Background tab

On Instagram and Facebook, the extension may open a background tab to the platform's "About this account" page to extract public account metadata (creation date, country, former usernames). This tab is closed immediately after the data is read. The data is used only for local inference and is not stored or transmitted.

Permissions used

• scripting - injects the risk badge and analysis overlay into post DOM elements
• storage - caches ML model weights locally so they are not re-parsed on every navigation
• activeTab - runs the content script on the currently active tab
• tabs - opens a background tab to read public "About this account" data from Instagram and Facebook

Third-party services

PhishHook makes no external network requests for inference. The ML models are bundled with the extension as JSON files. No data is shared with any third party.

Contact

For any questions about this privacy policy, contact chongchoonhourafael@gmail.com.