The extension does not store the user's token information and is only used when the user actively enters it
No data is sent to third-party servers
All operations are performed locally in the user's browser
The extension code is open source and can be audited for all functional implementations