InControl Privacy Policy

Last updated: April 1, 2026

InControl does not collect, transmit, or share any user data. Everything stays on your device.

What InControl does

InControl is a Chrome extension that detects sneaky redirects and hidden background requests made by websites you visit. It shows you what is happening and lets you decide which domains to block or allow.

Data that stays on your device

To do its job, InControl processes the following information entirely on your device:

Domain names and URLs of web requests, redirects, and navigations — used to detect suspicious activity and display it in the popup.
Your blocked and allowed domain lists — stored in chrome.storage.local so your preferences persist across browser sessions.
Session activity logs — stored in chrome.storage.session and automatically cleared when you close the browser.
A count of total blocked requests — stored locally for display in the popup.

Data we do NOT collect

No data is sent to any external server, API, or third party.
No analytics or telemetry of any kind.
No personally identifiable information.
No browsing history is recorded or stored beyond the current session.
No cookies are read, written, or tracked.

Permissions and why we need them

Permission	Why it is needed
`webRequest`	Detect HTTP redirects and third-party background requests in real time.
`webNavigation`	Detect when navigations start and complete, to identify redirect chains and domain mismatches.
`tabs`	Read the active tab URL to show per-site activity in the popup.
`storage`	Persist your blocked and allowed domain lists locally across browser sessions.
`declarativeNetRequest`	Block network requests to domains you have chosen to block.
`declarativeNetRequestWithHostAccess`	Apply your blocking rules across all websites.
`host_permissions: <all_urls>`	Monitor requests on any website you visit so redirects and background requests can be detected regardless of the site.

Third-party services

InControl does not use any third-party services, libraries, SDKs, or APIs. There are no external dependencies.

Data retention

Session data (activity logs, blocked request counts per tab) is automatically cleared when you close the browser.
Persistent data (your blocked and allowed domain lists, total blocked count) remains until you remove domains or uninstall the extension.

Children's privacy

InControl does not knowingly collect any information from anyone, including children under 13. No personal data is collected from any user.

Changes to this policy

If this privacy policy is updated, the changes will be posted on this page with an updated date. Since InControl collects no data, meaningful changes to this policy are unlikely.

Contact

If you have questions about this privacy policy, you can open an issue on the InControl GitHub repository.