DOMCloak is built on a single principle: your data never leaves your browser. This policy explains exactly what the extension does — and does not — do with information.
Last updated: June 2025
The extension does not collect, transmit, store on any server, or share any information about you, your browsing activity, or the content of pages you visit. All processing happens locally on your device.
DOMCloak ("we", "the extension") is a Chrome browser extension developed by XENPLAY, LLC. It masks sensitive data — such as email addresses, Social Security Numbers, credit card numbers, and API keys — directly inside the browser's DOM, in real time, without sending any information anywhere.
This Privacy Policy describes how DOMCloak handles information when you install and use the extension. By installing DOMCloak, you agree to this policy.
DOMCloak does not collect, transmit, or store any of the following:
DOMCloak stores the following data only on your device, using Chrome's built-in storage APIs. This data never leaves your browser.
| Data | Storage Location | Purpose | Transmitted? |
|---|---|---|---|
| Active masking patterns (e.g. email: on, SSN: on) | chrome.storage.local | Remember which data types you want masked | No |
| Masking mode (text / blur / spoof) | chrome.storage.local | Remember your preferred masking style | No |
| Auto-run domain list | chrome.storage.local | Activate masking automatically on your chosen sites | No |
| Custom regex rules (label + pattern) | chrome.storage.local | Store your user-defined masking patterns | No |
| Theme preference (dark / light) | localStorage | Remember your popup color theme | No |
DOMCloak requests four Chrome permissions. Here is exactly why each one is needed:
Why: Allows DOMCloak to read the content of the currently active browser tab when you click the extension icon. This is required to scan the page's DOM for sensitive patterns. The extension only accesses the tab you explicitly activate it on — it cannot read background tabs or tabs you haven't interacted with.
Why: Allows DOMCloak to inject the content script that performs masking directly into the page. No scripts are injected automatically or without user interaction. The script runs locally and never contacts external services.
Why: Allows DOMCloak to save your settings (patterns, masking mode, auto-run domains, custom rules) to chrome.storage.local — a sandboxed, device-only storage area. No data is synced to Google accounts or any remote server.
Why: Allows the Team Config Export feature to save your settings as a local JSON file when you click the Export button. This permission is only exercised on explicit user action and only writes to your local file system — nothing is uploaded anywhere.
DOMCloak uses one third-party service for PRO subscription payments:
| Service | Purpose | Data Shared | Their Privacy Policy |
|---|---|---|---|
| ExtensionPay | PRO tier payment processing and license verification | Email address and payment info — processed by ExtensionPay directly. DOMCloak never receives or stores payment details. | extensionpay.com/privacy |
No page content, DOM data, masked values, or browsing history is ever shared with ExtensionPay or any other third party. The payment service only receives what is needed to process your subscription.
DOMCloak does not use Google Analytics, Mixpanel, Sentry, Amplitude, or any other analytics, crash reporting, or monitoring service.
DOMCloak makes no network requests of its own. The extension's content scripts and background service worker do not call any external API, send any telemetry, or communicate with any server operated by DOMCloak.
The only external network activity occurs when:
You can verify this by inspecting the extension's network activity in Chrome DevTools — you will see no outbound requests from DOMCloak to any DOMCloak-operated server.
Because DOMCloak stores all settings locally on your device, you are in complete control of your data:
chrome.storage.local data is automatically deleted.
localStorage entry.
DOMCloak retains no copies of your settings on any server, so there is no remote data to delete.
DOMCloak is not directed at children under the age of 13. We do not knowingly collect any personal information from children. If you believe a child has provided personal information through the extension, please contact us and we will take appropriate steps.
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and, for material changes, notify users via the Chrome Web Store listing description or an in-extension notice.
Your continued use of DOMCloak after changes are posted constitutes your acceptance of the updated policy.
If you have any questions about this Privacy Policy or DOMCloak's data practices, please reach out:
Email: xenplay@gmail.com
We aim to respond to all privacy inquiries within 5 business days.