Extension Privacy

This Privacy Policy describes how the DakBox Helper Chrome Extension (“the Extension”) handles your information. By using the Extension, you agree to the practices described in this policy.

1. Data Collection and Storage
The DakBox Helper Extension is designed with privacy as a priority. The Extension only collects and stores the following information locally on your device:

DakBox API Token: To connect your extension to your DakBox.net account.
Extension Preferences: Your settings, such as whether “Auto OTP Fill” or “Auto Open Inbox” are enabled.
Last Used Username: Saved locally to provide quick access the next time you open the extension.
Auto-open Events: When the extension automatically opens your inbox tab, a tracking request is sent to dakbox.net/api/auto-opens/track using your API token to enforce your plan’s monthly auto-open limit.
Temporary OTP Session: During active OTP detection, the email address being processed is temporarily stored in chrome.storage.local. It is automatically deleted once the OTP is retrieved or the session times out (5 minutes).
Where is data stored? User preferences and tokens are stored strictly locally on your device using Chrome’s chrome.storage.local API. The only data sent to external servers is your API token (for authentication) and auto-open event counts (for plan limit enforcement) — both sent exclusively to dakbox.net over HTTPS.

2. Data Usage
The information stored by the Extension is used exclusively for its core functionality:

Your API Token is used solely to authenticate and securely communicate with the official dakbox.net API to retrieve your plan details and fetch OTP verification codes.
The Extension requests permission to interact with dakbox.net (to enhance the web mailbox UI) and svp-international.pacc.sa (to detect DakBox emails and auto-fill OTP codes). The extension’s email generator and OTP helper run on all websites the user visits, solely to detect email input fields and OTP forms. The extension does not read, log, store, or transmit any content from third-party websites — it only injects a button near detected email fields.

3. Permissions Used and Why
The Extension requests the following browser permissions, each with a specific and limited purpose:

storage — Save your settings and API token locally
tabs — Open your inbox in a new tab when auto-open is triggered
scripting — Inject the element picker tool in the OTP Site Configs page
activeTab — Detect the current tab’s URL for context-aware OTP detection
host_permissions: <all_urls> — Required to inject the email generator button on email input fields across any website where the user is registering

4. Third-Party Sharing
We do not sell, rent, trade, or transfer any of your personal data, API tokens, or usage information to any third parties.

5. Tracking and Analytics
The Extension does not track your web browsing history, behavior, or search queries. We do not use Google Analytics or any other third-party tracking software within the Extension.

6. Security
Your API Token is transmitted securely over HTTPS directly to the DakBox.net API. Because your data is stored locally within your browser, it is protected by the security measures provided by Google Chrome.

7. Your Rights
You have full control over your data. You can delete all stored information (including your API token and preferences) at any time by:

Clicking the “Disconnect” button in the Extension setup menu.
Uninstalling the Extension from your browser.

8. Contact Us
If you have any questions or concerns about this Privacy Policy or how the DakBox Helper Extension handles your data, please contact us at:

support@dakbox.net