Privacy policy.

What the extension reads

When you visit a website, Find Me People reads the current page in your browser to extract:

• Email addresses visible on the page
• Phone numbers visible on the page
• Links to contact, support, help, and similar pages
• Business hours, when available (from schema.org / JSON-LD / microdata)
• Hydration state on JavaScript-rendered pages (e.g. __NEXT_DATA__, JSON-LD blocks) so contacts hidden in JS still surface
• The content of any same-origin iframes the page embeds (e.g. an embedded support widget on the same domain)

All of this is content that is already loaded into your browser. The extension does not access any data that is not already visible to you on the page.

What the extension stores

The extension uses chrome.storage.local for two things, both kept on your device:

• Preferences. Whether the side panel is enabled, which mail client you prefer for Compose, which sites you’ve hidden the panel on, and where you’ve dragged the side panel tab vertically.
• Copy history. When you click to copy an email or phone, a record of what was copied (value, hostname, score, timestamp) is added so the History tab can show it later. Capped at 50 entries; older ones are dropped.

You can clear the entire history at any time from the History tab’s “Clear all” button. Nothing is written to cookies, IndexedDB, or any other browser storage.

What the extension transmits

The extension makes two kinds of network request, both anonymous and tightly bounded.

1. Same-origin contact-page fallback

When the in-page scan finds zero contacts, the extension fires up to three same-origin GET requests to common contact-page URLs on the site you’re already on — /contact, /contact-us, /about, /about-us, /support, /help, /customer-service — and parses the responses for emails and phones. Constraints:

• credentials: 'omit'. No cookies are attached. The server cannot identify you.
• Same-origin only. If a URL redirects to a different domain, the response is discarded.
• Once per origin per browsing session. A flag in sessionStorage prevents the same site from being re-probed.
• Bounded size. Responses larger than 1 MB are discarded without parsing.
• Stops at the first hit. As soon as one of the candidate URLs returns useful results, the rest are skipped.

2. Zendesk help-center search (when a Zendesk chatbot is detected)

When the page carries a Zendesk Web Widget or is itself a Zendesk help center, the extension makes one anonymous query to that vendor’s public help-center search API (https://{subdomain}.zendesk.com/api/v2/help_center/articles/search.json?query=contact) to find the real support contact the chatbot was trained to deflect from. This is the same public endpoint anyone with a browser can hit. Constraints:

• credentials: 'omit'. No cookies. Zendesk sees an unauthenticated visitor — identical to clicking “search” in the help center yourself.
• Public endpoint only. No private data, no auth tokens, no account information.
• Once per Zendesk subdomain per browsing session. Same sessionStorage gate.
• Bounded. Up to 10 article results, body capped at 1 MB.
• Only fires when a Zendesk chatbot is detected on the page. No detection → no request.

That is the complete list. No telemetry, no analytics, no error reporting, no usage statistics, no third-party services beyond the single public-API query above. The extension does not contact any server we operate, because we do not operate any server.

What the extension shares

Nothing. No data is shared with any third party, for any purpose, ever. The extension has no business model, no advertisers, and no analytics partners.

Permissions explained

Permission	What it does	Why we need it
activeTab	Lets the extension interact with the tab you’re currently viewing when you click the toolbar icon.	Required to read the page content from the active tab.
scripting	Lets the extension inject the scanner into a page if it didn’t auto-load.	Required to recover after browser restarts and on pages that loaded before the extension was enabled.
storage	Lets the extension write to chrome.storage.local.	Required for the two preference items and the copy history described above.
host_permissions: <all_urls>	Lets the scanner run on any website.	Required because customer service info can appear on any site — the scanner has to be allowed to run everywhere to be useful.

No remote code

The extension does not load, execute, or reference any remote JavaScript. There are no CDN imports, no external <script> tags, no eval() calls, no dynamic code loading, and no WebAssembly modules. Every line of code that runs in the extension is bundled in the package you install — reviewable line-by-line in the open-source repository linked below.

No accounts, no cookies, no analytics

The extension does not require or support user accounts, login, or registration. It does not create, read, modify, or delete cookies. It does not include any analytics SDK, crash reporter, A/B testing framework, or feature flag service.

Children’s privacy

The extension does not knowingly collect any information from anyone, including children under 13. Because the extension collects no information at all, this applies to every user equally.

Changes to this policy

If this policy changes, the updated version will be published at this URL and the “Last updated” date at the top will be revised. The full history of changes is visible in the website’s git repository.

Open source

The extension and this website are both open source under the MIT license. You can verify every claim on this page by reading the code:

• Extension source: github.com/MatthewDuke1/find-me-people
• Website source: github.com/MatthewDuke1/find-me-people-site

Contact

Questions about this policy? Email matthewduke0@gmail.com or open an issue on the extension’s GitHub.