WylocInstall

Wyloc — Prompt Secret Guard

Privacy Policy

Effective date: May 30, 2026

What Wyloc does

Wyloc is a browser extension that detects credentials, API keys, and other secrets in text you are about to submit through any web page. It warns you before sensitive data leaves your machine, and can replace secrets with safe placeholders so you can keep working.

Data we collect

None.

Wyloc does not collect, transmit, store, or share any personal data, browsing data, prompt text, or secret values. All detection runs locally in your browser. No data is sent to any server.

What stays on your device

  • Incident counts — when the extension detects a secret, it stores a metadata-only record in chrome.storage.local on your device. This record contains only: timestamp, secret type (e.g. “AWS access key”), detection confidence, and the action taken (warned or blocked). It does not contain the secret value, the prompt text, or any surrounding context.
  • No raw text is ever stored. The prompt content is scanned in memory and immediately discarded. It is never written to disk, never logged, and never transmitted.
  • Temporary swap values — if you use the “swap” feature, which replaces a detected secret with a safe placeholder, the mapping between the placeholder and your original value is held only in the active tab's memory for that session. It lets you restore the real value when you copy a response back. This mapping is never written to disk, never logged, and never transmitted, and it is discarded when the tab is closed.

Network activity

Wyloc makes zero network requests. The extension contains no analytics, no telemetry, no crash reporting, no update pings, and no remote code loading. You can verify this by inspecting the extension's network activity in Chrome DevTools — it will always be empty.

Permissions

  • <all_urls> — required so the content script can run on any page and detect secrets before submission, regardless of which website you are using.
  • storage — used to store metadata-only incident counts locally on your device.
  • scripting — used only when the extension is installed or updated, to activate protection in tabs you already had open so they are covered immediately without needing a manual reload. No scripts are injected outside of this install/update event.

No other permissions are requested. The extension does not access your browsing history, bookmarks, downloads, cookies, or any other browser data.

Third parties

Wyloc shares no data with any third party. There are no third-party SDKs, libraries, or services embedded in the extension that transmit data.

Changes to this policy

If this policy changes, the updated version will be posted at this URL with a new effective date. Significant changes will be noted in the extension's changelog.

Contact

Questions about this policy: jones31luke@gmail.com