Privacy Policy

1. Overview

TagScanner ("the Extension") is a Chrome browser extension developed by Ritesh Gupta and the TagScanner team ("we", "us", "our"). This Privacy Policy explains what data the Extension collects, how it is used, and your rights in relation to that data.

TagScanner is designed to operate primarily on data that is already present in your browser. The Extension reads the _satellite container object injected by Adobe Tags into any page where the Extension is activated. This object resides in your browser's memory and is not transmitted anywhere for core features.

2. Data collected and how it is used

2.1 Core features — no data transmission

When you use the core features of TagScanner, the Extension reads the compiled Adobe Tags library from the page you are visiting. This includes:

• Rule names, events, conditions, actions, and custom code blocks
• Data element names, types, values, and dependency relationships
• Extension names and configuration data
• Property name, environment, library version, and build information

This data is read from your browser's memory and processed locally. It is not transmitted to our servers or any third party. It is not stored persistently beyond your current browser session unless you explicitly use the Export feature.

2.2 Export feature

When you use the Export Full Report feature, the Extension generates a .xlsx file from the property data described above and downloads it directly to your device. This file is not transmitted to any server. You are responsible for how you store or share the exported file.

2.3 Activity history

The Extension stores a local log of AI feature activity (scans, explanations, and chat queries) in your browser's local storage. This log is accessible only to you, stored only on your device, and never transmitted to our servers. You can clear this history at any time from within the Extension.

3. AI features and data transmission

TagScanner includes three optional AI-powered features: AI Property Health Scan, Custom Code Explanation, and Ask AI. These features are in Preview or Beta status and are available on a best-effort basis.

3.1 Data transmitted for AI features

Depending on the AI feature used, the following data may be transmitted:

• AI Health Scan: A structured representation of your entire Adobe Tags property — rule names, data element names, extension names, rule counts, and property metadata. Custom code content is included in the scan payload.
• Custom Code Explanation: The specific custom code block you have selected for explanation, along with the name of the rule or data element it belongs to.
• Ask AI: Your natural language query and, on first activation, a structured summary of the property to provide context. Subsequent queries in the same session include the conversation history.

3.2 Secret redaction

Before any data is transmitted for AI features, the Extension automatically scans custom code blocks for common sensitive patterns — including Bearer tokens, API key assignments, AWS access keys, and PEM certificate blocks — and replaces matched values with [REDACTED]. This redaction runs client-side before transmission and is applied regardless of which AI feature triggers it.

You should review all data before using AI features on properties that may contain sensitive information.

3.3 Consent

The first time you activate any AI feature, the Extension presents a consent modal that describes exactly what data will be sent, where it is sent, and that common secrets are auto-redacted. You must actively confirm consent before any AI feature is activated. This consent is stored in your browser's local storage and covers all three AI features — you will see the consent modal once.

3.4 How AI feature data is used

Data transmitted for AI features is used solely to generate the AI response you requested. It is processed by AWS Bedrock (Anthropic Claude) under AWS's data processing terms. We do not use this data for:

• Training AI models
• Advertising or marketing profiling
• Sale to third parties
• Any purpose other than generating the requested AI output

3.5 Logging and caching

To improve performance and reduce unnecessary API calls, our Lambda endpoint computes a hash of the input data and may cache the AI response in AWS DynamoDB. Cached responses are keyed by the hash of the input — no personally identifiable information is used as the cache key. Logs of AI requests are retained for up to 90 days for security, abuse prevention, and rate limiting purposes.

4. Authentication data

AI features require you to sign in with a Google account via Google OAuth. The Extension uses Chrome's chrome.identity.launchWebAuthFlow API to obtain a Google access token. This token is exchanged at our Lambda endpoint for a session token, which the Extension uses for subsequent AI requests.

We store the following authentication data:

• A session token issued by our Lambda endpoint — stored in your browser's local storage
• Your Google account identifier (used for rate limiting purposes only) — stored in AWS DynamoDB

We do not store your Google password, full name, profile photo, or any Google account data beyond the identifier necessary for rate limiting. We do not share authentication data with any third party.

5. Local storage

The Extension uses your browser's local storage to persist the following data on your device only:

• AI feature consent status
• Activity history (AI scan results, explanations, and chat history)
• Session token for AI features
• User preferences and Extension settings

This data is stored locally on your device and is not transmitted to our servers. You can clear all local storage data by uninstalling the Extension or clearing browser data for the Extension.

6. Third-party services

TagScanner interacts with the following third-party services:

6.1 AWS Lambda and AWS Bedrock

AI features transmit data to our AWS Lambda endpoint, which calls AWS Bedrock (Anthropic Claude 3.5 Haiku). AWS processes this data under the AWS Privacy Notice and applicable data processing agreements. Data is processed in AWS regions consistent with AWS's standard service regions.

6.2 AWS DynamoDB

AI response caches, usage counts for rate limiting, and anonymised request logs are stored in AWS DynamoDB. No personally identifiable information other than a Google account identifier (for rate limiting) is stored.

6.3 Google OAuth

Sign-in for AI features uses Google OAuth. Google's handling of authentication data is governed by the Google Privacy Policy.

We do not use advertising platforms, data brokers, or analytics services. No user data is sold to or shared with any third party for commercial purposes.

7. Limited use policy

Specifically, TagScanner:

• Does not use Google API data for advertising or marketing
• Does not transfer Google API data to advertising platforms or data brokers
• Does not allow humans to read Google API data except as required for security investigations or legal compliance
• Limits use of Google API data to the single purpose of verifying user identity for AI feature rate limiting

8. Data retention

• Core feature data: Not retained. Processed in memory only, discarded when the Extension panel is closed.
• AI request logs: Retained for up to 90 days in AWS DynamoDB for security and abuse prevention, then deleted.
• AI response cache: Retained for up to 30 days, keyed by hash of input data.
• Authentication identifiers: Retained while your account is active. Deleted on request.
• Local storage data: Retained on your device until you clear it or uninstall the Extension.

9. Your rights

You have the following rights in relation to data we hold:

• Access: You can request a copy of any data we hold about you.
• Deletion: You can request deletion of your account data, including authentication identifiers and AI request logs. Uninstalling the Extension clears all local storage data.
• Withdrawal of consent: You can withdraw consent for AI features at any time by clearing the Extension's local storage or uninstalling it. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.
• Portability: AI activity history stored in local storage can be reviewed within the Extension and is accessible to you directly.

To exercise any of these rights, contact us at tagscannerfeedback@gmail.com.

10. Children's privacy

TagScanner is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us and we will take steps to delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For material changes, we will notify users via a notice in the Extension on next activation. Continued use of the Extension after changes are posted constitutes acceptance of the updated policy.

The version history of this policy is maintained at thelearningproject.in/tools/tagscanner/privacy.