Skip to content
onbo.cc
Privacy Policy

onCookie

Last updated: April 12, 2026

Overview

onCookie is a browser extension that helps users manage their browser cookies. This privacy policy explains what data the extension accesses, how it is used, and how it is protected.

Data Access

onCookie accesses the following data to provide its functionality:

  • Browser cookies: The extension reads, displays, edits, deletes, imports, and exports cookies stored in your browser. This is the core purpose of the extension.
  • Page content (limited): When configured by the user, the extension can extract a username from the current webpage using an XPath expression. This only occurs when the user explicitly triggers the extraction. No other page content is read or stored.

Data Storage

  • Settings: Your configuration (API endpoint URL, username preferences, UI state) is stored locally in your browser using the Chrome Storage API. This data never leaves your browser.
  • Authentication tokens: If you configure a Bearer token for API exports, it is encrypted using AES-256-GCM via the Web Crypto API and stored locally in your browser. The token is only decrypted when you initiate an API export.

Data Transmission

  • No automatic data transmission: onCookie does not automatically send any data to any server.
  • User-initiated API export: When you explicitly click “Send to API” in the Export tab, the extension sends your selected cookies and username to the API endpoint that you have configured in Settings. This is entirely user-initiated and user-controlled.
  • No third-party servers: onCookie does not send data to any third-party servers, analytics services, or tracking platforms. There are no ads, telemetry, or usage analytics.

Data Collection

onCookie does not collect, store, or transmit:

  • Personal identification information
  • Browsing history
  • Search queries
  • Financial information
  • Health information
  • Location data
  • User activity or interaction data

Data Sharing

  • We do not sell user data to third parties.
  • We do not transfer user data to third parties for purposes unrelated to the extension's functionality.
  • We do not use user data for advertising or creditworthiness purposes.

Permissions Explained

PermissionWhy it is needed
cookiesCore functionality — read, write, and delete browser cookies
activeTabExtract usernames via XPath from the current page (user-initiated only)
storageSave settings and encrypted auth tokens locally in the browser
sidePanelThe main interface runs in the browser side panel
Host access (all URLs)A cookie manager must access cookies across all domains

Security

  • All sensitive operations (cookie access, API calls) run in an isolated background service worker.
  • API endpoints must use HTTPS (localhost is allowed for local development).
  • Authentication tokens are encrypted at rest using industry-standard AES-256-GCM encryption.
  • No remote code is loaded. All JavaScript is bundled locally at build time.
  • The extension follows Chrome's Manifest V3 security model.

Children's Privacy

onCookie is not directed at children under 13 and does not knowingly collect data from children.

Changes to This Policy

If we update this privacy policy, the changes will be reflected in the “Last updated” date above. Continued use of the extension after changes constitutes acceptance of the updated policy.

Contact

If you have questions about this privacy policy, please contact us at hello@onbo.cc.

← Back to home