Privacy Policy for Session Share - Admin Extension

Last Updated: January 1, 2026

Session Share - Admin Extension ("we," "our," or "the Extension") enables sharing website access within your organization. This policy explains how we collect, use, and protect your information.

1. Information We Collect

1.1 Authentication Information

  • Email address and password (if using email/password login)
  • Google account information (if using Google Sign-In), including email and profile data
  • Authentication tokens and refresh tokens stored locally

1.2 Website Data

  • Cookies: Collected from websites you visit ONLY when you click "Update Access"
  • Website URLs and domain names
  • Page titles
  • Website favicons

1.3 User Profile Information

  • Name
  • Email address
  • Organization membership and role (Owner, Admin, Moderator, Editor, or Member)
  • Organization details

1.4 Usage Data

  • Categories and tags you assign to websites
  • Site metadata preferences stored locally
  • Selected organization preferences

2. How We Use Your Information

  • Share encrypted website access (cookies) with your organization
  • Authenticate and manage your account
  • Organize and categorize shared website access
  • Provide organization-based access control
  • Store preferences locally in your browser

3. Data Storage and Security

3.1 Local Storage

  • Authentication tokens, user profile, organization data, categories, tags, and site metadata are stored locally in your browser using Chrome's storage API.
  • This data remains on your device and is not automatically transmitted.

3.2 Data Transmission

  • Cookies are encrypted using RSA-OAEP-256 (A256GCM) before transmission.
  • Encrypted data is sent to our backend API
  • Authentication credentials are transmitted over HTTPS.

3.3 Encryption

  • Cookies are encrypted with RSA-OAEP-256 before being sent to our servers.
  • Encryption keys are managed by your organization.
  • Encrypted cookies expire after 24 hours.

4. Permissions Used

PermissionPurpose
StorageStore preferences and authentication data locally
CookiesRead cookies from websites when you click "Update Access"
TabsAccess active tab information (URL and title)
IdentityEnable Google Sign-In
Host PermissionsAccess cookies from websites you visit (only used when you explicitly click "Update Access")

5. Data Sharing

  • Shared website access (encrypted cookies) is accessible to members of your organization based on their role
  • Organization administrators can manage access and view shared resources
  • We do not sell your personal information to third parties
  • We may share data if required by law or to protect our rights

6. Your Rights and Choices

  • Sign out at any time to clear local authentication data
  • Choose which websites to share access for
  • Manage categories and tags for websites
  • Select which organization to share access with
  • Cookies are only extracted and shared when you click "Update Access"

7. Third-Party Services

Google OAuth: If you use Google Sign-In, Google's privacy policy applies to authentication data.

Backend API: Data is processed by our servers.

8. Data Retention

  • Local storage data persists until you sign out or uninstall the extension
  • Encrypted cookies stored on our servers expire after 24 hours
  • Organization administrators may retain access records per your organization's policies

9. Children's Privacy

This extension is not intended for users under 13. We do not knowingly collect information from children.

10. Changes to This Privacy Policy

We may update this policy. Material changes will be communicated through the extension or via email. Continued use after changes constitutes acceptance.

11. Contact Us

For questions about this policy or your data:

Email: info@codescale.lk

Website: https://sessionshare.app

Important Notes

  • Cookies are only collected when you click "Update Access" on a specific website
  • Internal browser pages (chrome://, edge://, about:) are not supported
  • All data transmission uses HTTPS
  • Encryption keys are managed by your organization, not by us

By using Session Share - Admin Extension, you acknowledge that you have read and understood this Privacy Policy and agree to the collection and use of your information as described herein.