5. Privacy Policy

Privacy Policy

Last updated: May 22, 2026

1. Introduction
The protection of your privacy is of the utmost importance to us. This privacy policy explains what data is collected when using the "CH Warnlisten & Shop Risk-Check" browser extension and how it is processed.

2. Data Collection and Processing
The extension has been developed according to the principle of data minimization ("Privacy by Design").

• No storage of personal data: We do not store your browsing history, personal data, or IP addresses on our own servers.
• Storage of settings: Configurations (such as API keys, language, whitelist) are stored exclusively locally in your browser's/device's storage (chrome.storage.local).
• URL checks during operation: To evaluate the security of a visited website, the current domain or URL (depending on the setting) is sent to third-party provider interfaces:
• K-Tipp (ktipp.ch/saldo.ch): The domain name is sent to be checked against the K-Tipp/Saldo warning list.
• Reklamation.ch: The domain name is sent to be checked for consumer complaints.
• Trusted Shops: The domain is sent to be checked for its certification status.
• Trustpilot: The domain is sent to be checked for its certification status.
• • For this check, a browser tab is temporarily opened. This is necessary so that Trustpilot recognizes that you are not a robot 😉
• Admin.ch UID (uid-wse.admin.ch): The domain name is sent to the federal government's public SOAP web service to determine a valid company UID.
• Google Safe Browsing (Optional): If you activate this function and provide an API key, the URL is sent to Google's servers. The processing is governed by Google's privacy policy.

3. No Data Disclosure to Third Parties
Apart from the strictly necessary and temporary requests to the security services mentioned above to check websites, this extension does not share, sell, or track any data with third parties. The extension also does not contain any analytics services (such as Google Analytics).

4. Extension Permissions
The extension requires the following browser permissions to function:

• activeTab: To read and check the URL of the currently opened page.
• storage: To store your settings (such as API keys, language, or whitelists) locally in your browser.
• tabs: Required for background URL checking when switching tabs, ensuring each domain is only checked once (K-Tipp/Saldo warning list, Reklamation.ch, Trusted-Shops, uid on admin.ch), or each URL (Google Safe-Browsing).
• declarativeNetRequest: Required to set the Referer header for requests to security services. Since Manifest V3 Service Workers restrict manually setting this header for security reasons, this ensures our requests can be correctly identified and processed.
• scripting: Required for the Trustpilot check. Since Trustpilot blocks requests from bots (WAF protection), a browser tab is temporarily opened and a small script is injected to read the loaded HTML – this way, Trustpilot recognizes a real user.
• host_permissions (<all_urls>): Strictly necessary to include websites in the analysis and to be able to place status messages (badges, in-page warnings) on the respective pages.