Chrome Extension — Privacy Policy

Last updated: March 17, 2026

Overview

The AuthRelay Chrome extension detects Google OAuth sign-in pages on your desktop browser, generates a QR code for your phone to scan, and receives the authenticated callback URL back from the relay server to complete sign-in.

AuthRelay is designed with a zero-knowledge architecture — your credentials never leave your devices in readable form.

Permissions Used

  • storage — Stores extension settings (e.g. custom relay URL) locally in your browser via chrome.storage.sync. No personal data is stored.
  • webNavigation — Detects when you navigate to Google OAuth sign-in pages so the extension can activate automatically.
  • Host permission (accounts.google.com) — Required to detect and intercept OAuth redirects on Google's sign-in domain.
  • Host permissions (firebase/analytics domains) — Required for Firebase Analytics to send anonymous usage events.

Data Collection

Data we do NOT collect

  • Your Google username, password, or credentials
  • OAuth access tokens or refresh tokens
  • Browsing history, bookmarks, or page content
  • Personal information (name, email, phone number)
  • Data from any website other than Google's OAuth domain

Data collected automatically

The extension uses Firebase Analytics to collect anonymous usage events:

  • Extension popup opened
  • Session started (QR code generated)
  • Authentication completed

No personally identifiable information is included in these events. Firebase may also collect device type, browser version, and approximate location (country/region level).

Data Handling

  • The extension does not read, modify, or store any page content from any website.
  • OAuth callback URLs are relayed end-to-end encrypted through the relay server. The server cannot read the payload.
  • Session data is ephemeral and is discarded when the extension popup closes or the session expires.
  • The relay server URL is configurable — you can self-host the relay for full control.

Third-Party Services

  • Firebase Analytics — Anonymous usage analytics. See Firebase Privacy.
  • AuthRelay Relay Server — Facilitates encrypted communication between your phone and desktop. Open source and self-hostable. See main privacy policy for relay server details.

Open Source

The AuthRelay Chrome extension is fully open source under the MIT License. You can audit the complete source code on GitHub.

Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated date.

Contact

If you have questions about this privacy policy or want to request data removal, please open an issue on our GitHub repository.