LinkLens

Privacy Policy — LinkLens

Last updated: May 21, 2026

Summary

LinkLens is designed to protect your privacy. By default it does not collect, transmit, sell, or share any data. All impersonation detection, link-hover analysis, and risk-signal checks run locally inside your own browser. There are no analytics, no tracking, no remote code, and no server operated by the developer.

The extension includes one optional feature — a reputation check — that contacts an external service (VirusTotal) only when you enable it with your own API key and only when you initiate a check. This is described in detail below.

What the extension does locally

• Inspects the domain of pages you visit and links you hover to detect impersonation of known brands (typosquatting, look-alike characters, etc.).
• Reads link destinations, transport (http/https), and form targets to compute local safety signals.
• All of the above is processed in memory on your device and is never stored or transmitted.

Optional reputation lookup (off by default)

If — and only if — you add your own VirusTotal API key, the extension can send a domain name to VirusTotal’s API to retrieve a reputation result. This happens in two ways, both under your control:

1. Manual link check: you click “Check security of this link” in the hover tooltip, or “Check this site’s reputation” in the popup.
2. Auto-check (off by default): if you additionally enable auto-check, the extension looks up a domain automatically only when its own local checks have already flagged that site as elevated/high risk — never for sites that look clean.

In all cases:

• Only a domain name (e.g. example.com) is sent — never full URLs, page content, form data, or anything you type.
• The request goes directly from your browser to VirusTotal using your own API key. The developer operates no server and never receives your data or key.
• Results are cached locally to reduce repeat requests, and lookups are rate-limited.
• Your use of VirusTotal is governed by VirusTotal’s own terms and privacy policy. VirusTotal’s public API is intended for non-commercial use.

You can disable this at any time by removing your key, which also revokes the extension’s permission to contact VirusTotal.

Data stored locally on your device

Stored via chrome.storage.local; never leaves your browser:

• Watched brands you add; trusted sites you mark; recently dismissed warnings.
• Your VirusTotal API key (only if you choose to add it).
• A local cache of recent reputation results (raw counts), to reduce API calls.

You can clear all of it by removing your key, clearing the lists in the popup, or uninstalling the extension.

Permissions

• storage — saves the local settings above.
• Optional host access to virustotal.com — requested only when you enable the reputation feature, used only for lookups you initiate.
• Content scripts run in all frames — so the link-hover safety read can check links inside embedded frames (e.g. ad frames, a common malvertising vector, and webmail message bodies such as Outlook). The page-level warning banner runs only in the top frame. No frame content is stored or transmitted.

Third parties

The only third party the extension can contact is VirusTotal, and only for the optional, user-initiated reputation lookups described above, using your own key. No data is shared with any other third party.

Contact

For questions about this policy, contact: kapoorva21@gmail.com

This site is open source. Improve this page.