SkinID Browser Extension — Privacy Policy

What we collect
• Authentication credentials (usernames, passwords, passkeys) that you explicitly choose to save in your SkinID account
• Your SkinID API token (kept locally in browser storage to authenticate API calls)
• The hostname of the page when you initiate a SkinID scan, so the server can return only the credentials matching that site

What we do NOT collect
• Browsing history, page content, search terms, or any data from sites where you do not actively use SkinID
• Your NFC implant UID — that stays on the SkinID app on your phone, never sent to a website
• Telemetry, analytics, ads, or third-party trackers

Where data goes
• All extension network traffic is to https://skinid.ch only. The extension declares this in host_permissions and makes no other outbound requests.
• Saved credentials are end-to-end encrypted server-side with a key derived from your implant. Without your implant scan, neither SkinID Inc. nor a database leak can decrypt them.

Your control
• Delete any saved credential from the SkinID management page at https://skinid.ch/management
• Uninstall the extension to immediately stop all data flow
• Full account deletion: support@skinid.ch

Contact
support@skinid.ch
Full policy: https://skinid.ch/privacy