WillItScam
Get the extension

Chrome extension privacy policy

Effective 20 April 2026

This policy covers the WillItScam Chrome extension. For the website itself, see our site privacy policy. The two share a contact address but handle data differently, so we keep them separate — the Chrome Web Store also requires a dedicated policy for the extension.

What the extension does

When you switch to a browser tab, the extension reads the top-level domain of that tab (for example, example.com — not the full URL, path, or query string) and asks our API api.willitscam.com for the rating of that domain. The rating controls the toolbar icon color and badge so you can see at a glance whether the site has been flagged.

What gets sent over the network

  • The top-level domain of the active tab, in a request to https://api.willitscam.com/api/lookup.php.
  • A shipped API key, so our server can apply extension-specific rate limits.
  • Standard HTTP metadata (your IP address, user agent) that any web request carries. We use IP only for rate limiting and keep it for about a day — see the site privacy policy.

We do not send the full URL, the page content, form data, cookies, browsing history, or anything you type. We don’t know which page on a site you’re viewing — only that you’re on the domain.

What the extension stores locally

  • Results are cached in your browser’s IndexedDB for up to 45 days so repeat visits don’t hammer the API. The cache is keyed by domain and contains only the same rating fields the site exposes publicly.
  • Nothing is synced to a cloud account. Uninstalling the extension removes the local cache.

Accounts and personal data

There are no accounts. The extension never asks you to sign in, never asks for your name or email, and has no way to associate you with anything you do on the web.

Permissions

The extension uses tabs and activeTab permissions to learn the domain of the currently active tab, andstorage to keep the local cache. It does not inject scripts into pages and does not read page contents.

Turning it off

You can disable or uninstall the extension at any time from chrome://extensions. Uninstalling wipes the local cache. If you just want to stop badging for a while, disabling the extension stops all network requests from it.

Third parties

The extension talks only to api.willitscam.com. It does not load remote code, does not use analytics, and does not include advertising SDKs.

Changes

If what the extension sends or stores changes, we’ll update this page and bump the effective date at the top. A new version shipped to the Chrome Web Store will reference any material change in its release notes.

Contact

Questions or concerns: privacy@willitscam.com.