Data Collection

What We Collect

The Extension collects and stores the following data locally on your device only:

• Configuration Token: A short alphanumeric code used to fetch your gateway configuration
• Device ID: A randomly generated 5-character identifier
• Master Password (if applicable): Used to decrypt encrypted configurations, stored locally
• User Preferences: Theme, language, and toggle settings

What We Do NOT Collect

• We do not collect personal identification information
• We do not track your browsing history
• We do not collect analytics or usage statistics
• We do not share any data with third parties
• We do not sell your data to third parties.
• We do not use or transfer your data for purposes that are unrelated to the extension's core functionality.
• We do not use or transfer your data to determine creditworthiness or for lending purposes.

Data Storage

All data is stored locally in your browser using Chrome's storage.local and storage.sync APIs. No data is transmitted to external servers except to our official APIs:

1. Configuration API (api.l7.run): To fetch and update your gateway configuration using your token (POST requests with HMAC signature)
2. GeoIP Services (geo.l7.run, l7.run/geo/): To display your IP address information when you explicitly request it (the first goes through the gateway, the second — directly)

Data Transmission

• Configuration requests are made over HTTPS
• Traffic to protected resources is routed through corresponding L7 Gateways
• Personal data is not requested by the system and is not included in API requests

L7 Gateway Functionality

When enabled, the Extension routes traffic to specific domains through a lightweight L7 Gateway. The list of protected domains and the optimal gateway are determined by your configuration via the browser's proxy API.
Gateways operate on a zero-copy principle, without MITM and traffic analysis, with end-to-end encryption. Routing is performed via SNI. The gateway only logs the fact of connection establishment (a generated 5-character device ID and IP address) to control limits and prevent abuse. We do not know anything about the specific user: neither email nor accounts. Moreover, one token can be used by several people. Connection logs are stored for 2 weeks.

Permissions Used

• proxy: To configure browser routing rules (via proxy API)
• storage: To save your configuration and preferences locally
• tabs: To detect current website and update extension icon
• webRequest: To handle transparent authentication processes on gateways (including dynamic SNI generation)
• alarms: To periodically check for configuration updates

Data Deletion

You can delete all stored data at any time by:
1. Using the "Remove Profile" button in the Extension
2. Uninstalling the Extension
3. Clearing browser extension data in Chrome settings

Third-Party Services

The Extension communicates only with:
- api.l7.run — Official Configuration API
- geo.l7.run / l7.run/geo/ — Internal requests for IP status check and gateway validation

Children's Privacy

This Extension is not intended for use by children under 13 years of age.