Privacy Policy
Last updated: June 13, 2026
Outlook Link Guard (the “Extension”) is a tool that helps you confirm the safety of email links in Outlook Web. We take your privacy seriously. This policy explains how the Extension handles data.
1. What data we collect
The Extension does not collect any personal data, including names, emails, IP addresses, device identifiers, or browsing-behavior logs, and does not read or store your email content.
When you click a hyperlink in an email in Outlook Web, the Extension reads, locally, only that link's target URL and its displayed text — used to unwrap Safe Links, compare against your whitelist, and compute risk hints in real time. This information is used only at that moment to show the confirmation dialog, and is not stored or uploaded.
When the external-mail protections are enabled (open-confirmation, attachment reminder, or block-all mode), the Extension reads, locally, the subject text of the email you currently have open and the name of the attachment you click — solely to determine whether it is an external email (by detecting a subject tag such as [外部郵件]) and to show a warning, overlay, or block. This information is likewise used only at that moment and is not stored or uploaded.
When a mail view mode is enabled (Safe HTML or plain-text mode), the Extension processes, locally within your browser page, how the currently open email is displayed: replacing remote images and attachments with placeholders, or rendering the message as plain text. This happens entirely in the display layer of the page — your email content is never stored, copied, or uploaded; clicking “Show images / Load the full message” restores the original display.
2. How data is stored
- Your settings (all protection toggles and mode preferences, language, etc.) and your trusted-domain whitelist are stored in chrome.storage. By default they sync across devices through your signed-in Chrome (Google account) via chrome.storage.sync; you can turn off “Sync settings with your Google account” in the options page to keep them on this device only (chrome.storage.local).
- After you confirm opening an external email, the Extension keeps that email's list-row text (sender + subject snippet) in chrome.storage.session (browser-session storage), solely so the same email does not trigger a duplicate confirmation when opened in another window (e.g. a double-click popup). This record lives only in your browser's memory, is automatically cleared when the browser closes, and is never synced or uploaded.
- Whether synced or local-only, these settings are read by the Extension only; the Extension does not send them to its author or any third-party server (cross-device sync is handled by Chrome itself within your Google account).
3. External network requests
- The Extension runs entirely locally. All link parsing, Safe Links unwrapping, whitelist matching, and risk detection (spoofed text, short links, HTTP, Punycode, etc.) happen within your browser.
- The Extension calls no external API and never sends your URLs, clicks, or email data to any server.
- When you choose to open a link from the confirmation dialog, your browser navigates to that URL directly — this is your own browsing action and is unrelated to the Extension.
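An added example, not Outlook Link Guard's own code, of how the checks listed in this section can run entirely in the browser without any network call: unwrapping a Safe Links URL, matching the whitelist on a label boundary, and deriving risk hints. The function names, hint labels and shortener list are assumptions made for illustration.

```javascript
// Added illustration; not the Extension's source. All names here are hypothetical.
const SHORTENERS = new Set(["bit.ly", "t.co", "tinyurl.com"]); // constructed sample list

// Unwrap a Safe Links wrapper (target carried in ?url=); other URLs pass through.
function unwrapSafeLink(href) {
  const u = new URL(href);
  if (u.hostname.endsWith(".safelinks.protection.outlook.com")) {
    const target = u.searchParams.get("url"); // searchParams percent-decodes
    if (target) return new URL(target).href;
  }
  return u.href;
}

// Trusted only if the host equals a listed domain or is a true subdomain of it,
// so "evilcontoso.com" does not match "contoso.com".
function isTrusted(host, whitelist) {
  return whitelist.some((d) => host === d || host.endsWith("." + d));
}

// If the visible link text itself looks like a URL or domain, return its host.
function hostFromText(text) {
  const t = text.trim();
  if (!/^(https?:\/\/)?[a-z0-9.-]+\.[a-z]{2,}(\/\S*)?$/i.test(t)) return null;
  try {
    return new URL(/^https?:\/\//i.test(t) ? t : "https://" + t).hostname;
  } catch {
    return null;
  }
}

function assessLink(href, displayText, whitelist) {
  const url = new URL(unwrapSafeLink(href));
  const host = url.hostname; // the URL parser lower-cases and Punycode-encodes IDN hosts
  const hints = [];
  if (url.protocol === "http:") hints.push("http");
  if (host.split(".").some((label) => label.startsWith("xn--"))) hints.push("punycode");
  if (SHORTENERS.has(host)) hints.push("short-link");
  const shown = hostFromText(displayText);
  if (shown && shown !== host) hints.push("text-mismatch"); // spoofed display text
  return { target: url.href, trusted: isTrusted(host, whitelist), hints };
}
```

Everything above works on the clicked link's URL and display text alone, which matches the data the policy says is read at click time.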
4. Sharing with third parties
The Extension does not share, sell, or trade data with any third party, and uses no analytics or advertising SDKs.
5. Permission usage, item by item
The permissions declared in manifest.json and their purposes are:
| Permission | Purpose | Notes |
|---|---|---|
| storage | Store protection settings and your trusted-domain whitelist | Uses chrome.storage to store protection toggles, mode preferences, language, and the trusted domains you add yourself (optionally synced across devices via sync, or kept local only); it does not store personal data, email content, click logs, or browsing history. |
| scripting | Re-inject the protection script into Outlook popup windows | Popup windows opened by double-clicking an email in the new Outlook do not trigger normal content-script injection; this permission lets the background worker detect that case and inject the same protection script and styles into the popup (only on the Outlook domains listed above), so link and external-mail protection keeps working there. It is never used to run remote code. |
| declarativeNetRequest | Mail view mode: block remote images and tracking pixels at the network layer | When Safe HTML / plain-text view mode is enabled, the browser's built-in declarative rules block image/media requests sent from Outlook pages to external domains (so tracking pixels cannot phone home). This mechanism can only block — it cannot read request contents, and runs entirely locally; no rules are applied when view mode is off. |
| webNavigation | Detect Outlook page transitions so protection stays active | Outlook Web is a single-page app (SPA) whose page changes do not reload the document; this permission is used to receive navigation/URL-change events for the Outlook domains listed above (filtered by domain — events from other sites are never received), to verify the protection script is still present and re-inject it if needed. It does not collect or log any browsing history. |
| Host access | Run protection only on specified Outlook Web pages and Outlook embedded in Teams | Allows the Extension to inject its content script on outlook.office.com, outlook.office365.com, outlook.live.com, and outlook.cloud.microsoft to listen for email-link clicks, unwrap Safe Links, compare against your whitelist, and show the confirmation dialog; it also requests access to teams.microsoft.com so it can work within the Outlook view embedded in Microsoft Teams (the Extension does not run on other Teams pages). |
The Extension does not request history, cookies, webRequest, <all_urls>, or access to arbitrary websites, and does not run outside the domains listed above.
6. Changes to this policy
If this policy changes materially, we will update this page and the “Last updated” date above.
7. Contact
If you have questions about this privacy policy, please contact us via the Extension's official website or Chrome Web Store page.