隱私權政策 — Domain Trust CrownPrivacy Policy — Domain Trust Crown
最後更新:2026-06-07
總則
關於本擴充功能
Domain Trust Crown 是一個在本機瀏覽器執行的 Chrome 擴充功能(Manifest V3)。本擴充功能不蒐集、不儲存、不傳輸任何個人資料或使用資料,也不向任何外部或遠端伺服器發出請求。所有運作皆在使用者的瀏覽器本機完成。
我們不做的事
- ❌ 不蒐集任何個人識別資訊(姓名、Email、IP、裝置識別碼等)。
- ❌ 不蒐集瀏覽紀錄、觀看紀錄、搜尋紀錄或任何使用行為統計 / 分析。
- ❌ 不使用 Cookie、不做指紋追蹤、不嵌入第三方分析或廣告 SDK。
- ❌ 不向任何外部伺服器、API 或遠端端點傳送資料(擴充功能無任何網路請求行為)。
- ❌ 不販售、不分享、不揭露任何資料給第三方(因為根本未蒐集任何資料)。
我們儲存的唯一資料:你的白名單(僅存於瀏覽器)
本擴充功能僅使用 Chrome 內建的儲存空間(chrome.storage.local 或在你選擇開啟同步時改用 chrome.storage.sync)儲存你自己主動加入的資料,內容為:
- 你加入白名單的可註冊主網域清單(
trustedDomains,例如example.com、example.com.tw),以及每筆的加入時間。 - 少量擴充功能設定(
settings,目前為白名單的儲存位置 local / sync)。
這些資料只存放在你自己的瀏覽器。若你開啟帳號同步,將由 Chrome 在你已登入的瀏覽器之間同步(此同步由 Chrome 帳號機制提供,非本擴充功能傳輸)。本擴充功能不會將這些資料上傳至任何我們的伺服器——我們沒有伺服器。
關於網址(URL)的處理
為了在工具列上顯示目前網站是否為白名單,本擴充功能會讀取目前分頁的網址,在你的瀏覽器本機解析出「可註冊主網域」並比對白名單。這個過程完全在本機進行,網址不會被儲存,也不會傳送到任何外部伺服器。網域解析使用隨擴充功能一同封裝的 Public Suffix List 資料(本機檔案,非遠端下載)。
權限用途逐項說明
本擴充功能於 manifest.json 宣告的權限與其用途如下:
| 權限 | 用途 | 說明 |
|---|---|---|
storage |
儲存你的白名單與設定 | 透過 chrome.storage 存取上述白名單與設定;不存任何個資或瀏覽紀錄。 |
tabs |
讀取目前分頁網址以判斷網域 | 用於在你切換分頁或開啟 popup 時取得網址,於本機解析可註冊主網域並更新皇冠 icon;網址僅於本機使用,不儲存、不外傳。 |
本擴充功能不要求
history、cookies、scripting、webRequest、host permissions 或<all_urls>等權限,也不注入 content script、不讀取任何網頁內容(DOM),僅依網址判斷網域。
白名單的性質
白名單代表你個人主觀信任的網域,並非任何官方或第三方的安全認證。本擴充功能不會判斷網站是否為釣魚或詐騙網站,請仍以一般資安習慣自行判斷。
變更
若未來政策有任何變更,將於本文件更新並標示日期。
Overview
About This Extension
Domain Trust Crown is a Chrome extension (Manifest V3) that runs entirely on the user's local browser. It does not collect, store, or transmit any personal data or usage data, and it makes no requests to any external or remote server. All processing happens locally in the browser.
What We Do NOT Do
- ❌ We do not collect any personally identifiable information (name, email, IP, device IDs, etc.).
- ❌ We do not collect browsing history, watch history, search history, or any usage analytics.
- ❌ We do not use cookies, fingerprinting, or any third-party analytics or advertising SDKs.
- ❌ We do not send data to any external server, API, or remote endpoint (the extension makes no network requests).
- ❌ We do not sell, share, or disclose any data to third parties (because none is collected).
The Only Data We Store: Your Whitelist (Kept in Your Browser)
The extension uses Chrome's built-in storage (chrome.storage.local, or chrome.storage.sync if you turn on syncing) solely to store data you add yourself:
- The list of registrable domains you add to the whitelist (
trustedDomains, such asexample.comorexample.com.tw) and the time each entry was added. - A small amount of extension settings (
settings, currently the storage location: local or sync).
This data lives only in your own browser. If you enable syncing, it is synced by Chrome across your signed-in browsers (provided by your Chrome account, not transmitted by this extension). The extension never uploads this data to any server of ours — we have no servers.
How URLs Are Handled
To show whether the current site is on your whitelist, the extension reads the active tab's URL and, locally in your browser, parses its registrable domain to compare against the whitelist. This happens entirely on-device; the URL is not stored and is never sent to any external server. Domain parsing uses a Public Suffix List bundled with the extension (a local file, not downloaded remotely).
Permission Usage, Item by Item
The permissions declared in manifest.json and their purposes are:
| Permission | Purpose | Notes |
|---|---|---|
storage |
Store your whitelist and settings | Reads and writes the whitelist and settings above through chrome.storage; stores no personal or browsing data. |
tabs |
Read the active tab URL to determine the domain | Used when you switch tabs or open the popup to get the URL, parse the registrable domain locally, and update the crown icon; the URL is used only on-device, never stored or transmitted. |
The extension does not request
history,cookies,scripting,webRequest, host permissions, or<all_urls>. It injects no content scripts and reads no page content (DOM); it relies on the URL alone to determine the domain.
Nature of the Whitelist
The whitelist represents domains you personally choose to trust; it is not any official or third-party security certification. The extension does not determine whether a site is phishing or fraudulent — please continue to use normal security judgment.
Changes
Any future changes to this policy will be reflected here with an updated date.