Privacy Policy
1. Zero-Trust Data Architecture
LeakSnitch operates entirely within your browser via Manifest V3. Our core detection engines process all keystrokes and API requests locally. Your sensitive data - including proprietary code, PII, and authentication secrets - never leaves your machine and is never transmitted to our servers.
2. What We Actually Collect
Because of our zero-trust architecture, we collect absolutely minimal data:
- Telemetry: Aggregated, anonymized statistics about extension performance and crash reports to improve stability.
- Account Data: If you register for a dashboard account, we store your email address and display name required to manage your profile and organization.
- Blocked Event Metadata: Only the timestamp, user ID, and the type of leak (e.g., "API Key") is logged to your dashboard. The actual payload is immediately destroyed on the client. We never store prompt text or secret values.
3. Third-Party Integrations
LeakSnitch allows Enterprise users to integrate with SIEM tools like Splunk or Datadog. When configured, webhook payloads are transmitted securely (TLS 1.2+) directly to your specified endpoints. We do not intermediate or store these webhooks.
4. Radical Transparency
LeakSnitch publishes all of its detection patterns publicly. This is by design:
- Security teams can audit our rules at any time - no black box, no NDA required.
- Enterprise SOC teams can proxy our rules through their own infrastructure for validation.
- Your protection does not depend on our servers staying online - patterns are cached locally and run entirely in your browser.
- Our competitive advantage is our context-aware detection engine, not hidden regex patterns.
5. Cookies and Web Tracking
Our marketing website (leaksnitch.com) uses only essential first-party cookies. We do not use third-party tracking pixels, Meta Pixel, TikTok tracking, or any intrusive analytics. You can manage your preferences at any time using the Cookie Preferences link in the footer.
6. Contact Security
If you have any questions regarding this policy or our security posture, please contact us at [email protected].