Privacy Policy & Terms of Service

Last updated: April 2026

CRX Blueprint is a developer transparency and security tool. By using this extension, you acknowledge its primary purpose is the educational and security-focused analysis of browser extension source code.

1. Privacy & Data Handling

Your privacy is absolute. CRX Blueprint operates under a Zero-Server Architecture:

Local Execution: All extraction, decompression (unzipping), and code formatting happen 100% inside your browser's local sandbox.
No Tracking: We do not track the extensions you view, your browsing history, or your identity.
No External API Calls: Code is pulled directly from official Chrome/Edge Webstore servers to your machine. No intermediary servers ever touch the source code.

2. Use Case & Intent

This tool is intended for:

Security Auditing: Verifying if an extension contains malicious code or hidden trackers.
Learning: Understanding modern extension development patterns.
Debugging: Resolving conflicts between extensions.

3. Intellectual Property

Viewing source code does not grant ownership. You must respect the licenses of the extensions you analyze:

Most extension code is proprietary or under specific open-source licenses (MIT, GPL, etc.).
CRX Blueprint does not facilitate the bypassing of paid licensing or illegal redistribution of others' work.
Always check the extracted LICENSE file within an extension before reusing any logic.

4. Disclaimer of Liability

CRX Blueprint is provided "as is" without warranty of any kind. We are not responsible for how you use the information obtained through this tool. Use of extracted source code must comply with your local laws and the Terms of Service of the respective browser webstores.

5. Open Source Credits

This tool stands on the shoulders of giants. We utilize local versions of JSZip, Prism.js, and JS-Beautify to handle complex byte-parsing and formatting. All credits remain with their respective authors.

6. Permission Transparency

To function correctly, the extension requires the following permissions:

downloads: Used solely to save the extracted ZIP or CRX file to your local computer.
contextMenus: Allows you to right-click on web store links to initiate an extraction shortcut.
activeTab: Used to identify the URL of the extension page you are currently viewing so it can be analyzed.
host_permissions (<all_urls>): Required to fetch the extension package directly from official browser web store servers (e.g., Google or Microsoft) to your browser for local extraction.

No data accessed via these permissions is ever sent to any third party or stored outside of your local browser environment.

Maintained by @ivaishnavraj