TL;DR: We NEVER collect anything from you, EVER！！！

We don't have ANY server on our side. This extension NEVER try to reveal, read or send away your password but detects password input field to:

1. avoid injecting complete content scripts everywhere to improve performance.
2. listen if TOTP input field occurs after password field.

It neither connects to any remote server unless it is about to sync secret tokens, at your consultant, via platform at your choice. They have their terms so check it if concerned.

In any case, your secret tokens will NEVER be revealed to any irrelevant third party under manipulation of this add-on.

Cookie
We use Cookie when ONLY you try to autofill OTP code on Atlassian instead of Session Storage like other sites:

It records ONLY a boolean value, indicates whether you have input password or not. It has NOTHING to do with any sensitive info.