Privacy Policy - Lw Multi-Tools Chrome Extension

🛡️ Introduction

Lw Multi-Tools is a Chrome extension designed for network analysis and web security testing. This privacy policy explains how the extension handles user data and what information is collected, processed, and stored during its operation.

✓ Complete Privacy Protection: We are committed to protecting your privacy. This extension does not collect, store, or share any personal data with third parties. Your data is safe with us - all operations are performed locally or through secure API calls.

✓ Enhanced Security: Strict Content Security Policy (CSP) rules are implemented to prevent potential security issues including XSS attacks, code injection, and unauthorized data access.

✓ Zero Tracking: No analytics, no telemetry, no user profiling. We respect your right to privacy completely.

Single Purpose: This extension's sole purpose is to provide web developers and system administrators with network analysis and security testing tools, including DNS queries, WHOIS lookups, IP/ASN information, HTTP status checks, security header analysis, and data leak detection.

🔐 Required Permissions

As of version 2.1.4, this extension requires only minimal permissions:

Permission	Purpose	Data Access
`activeTab`	Access current tab's URL for auto-filling domain analysis forms	Current page URL only (temporary, not stored)
`host_permissions`	Connect to API services for network analysis and security checks	User-entered domains/IPs sent to APIs only when requested

✓ Reduced Permissions: Previous versions required additional permissions (tabs, storage, declarativeNetRequest). These have been removed or minimized to enhance your privacy.

📊 Data Collection & Processing

What Data We DO NOT Collect

❌ No Personal Data: We do not collect names, email addresses, phone numbers, or any personally identifiable information (PII).

❌ No Browsing History: We do not track, store, or transmit your browsing history or visited websites.

❌ No Cookies or Form Data: We do not access or store browser cookies, passwords, credit card information, or form inputs.

❌ No Analytics or Tracking: We do not use Google Analytics, telemetry, or any third-party tracking services.

❌ No Remote Data Storage: All user preferences are stored locally in your browser only.

API Request Logging (Server-Side Only)

When you use the extension's analysis tools, requests are sent to our API servers (api.layerweb.com.tr). These servers maintain access logs for technical and security purposes only:

Standard Access Logs:

What is logged: Request timestamp, requested URL/endpoint, HTTP method, response status code, and IP address
Purpose: Server performance monitoring, debugging, and security analysis
Retention: Access logs are automatically deleted every 15 days by Plesk
Access: Logs are only accessible by authorized system administrators

Security Exception - WAF Logs:

If our Web Application Firewall (WAF) detects malicious or abusive requests (e.g., SQL injection, XSS attacks, DDoS attempts), these requests are logged permanently for security and legal protection
Normal, legitimate usage of the extension will never trigger permanent logging
WAF logs are used solely for security incident response and abuse prevention

Third-Party API Services

The extension connects to external API services to provide analysis results. When you use a tool, only the domain name or IP address you explicitly enter is sent to the relevant API:

External APIs Used:

api.layerweb.com.tr - Leak checker, port scanner, safe browsing
check-host.net - HTTP availability checking
dns.google - DNS resolution
ipinfo.io - IP geolocation and ASN data
api.bgpview.io - BGP and ASN information
rdap.org - WHOIS/RDAP domain data
whois.freeaiapi.xyz - Alternative WHOIS service
stat.ripe.net - Network statistics and peering
crt.sh - SSL certificate transparency logs
openpagerank.com - SEO metrics
api.ipify.org - Public IP detection
api.redirect-checker.net - URL redirect analysis
am.i.mullvad.net - VPN/Proxy detection

Note: Each third-party API has its own privacy policy. We recommend reviewing them if you have concerns about how they handle the domain/IP data you submit.

🔧 How Data Is Processed

Local Processing Only

All extension operations, UI interactions, and user preferences are processed locally in your browser. The extension does not send any data to external servers except when you explicitly request an analysis (WHOIS, IP lookup, etc.).

Temporary Data Handling

When you perform an analysis:

The domain/IP you enter is sent to the relevant API service
Results are displayed in the extension interface
No results or query history is stored locally or remotely
Data is discarded immediately after the session ends

No Remote Code Execution

This extension does not load or execute remote code. All JavaScript code is bundled within the extension package and reviewed by the Chrome Web Store before publication.

👤 Your Rights & Control

Full User Control

Minimal Data Collection: The extension collects no personal data or usage analytics
Disable Anytime: You can disable or uninstall the extension at any time through Chrome settings
No Account Required: The extension works without registration, login, or user accounts
Revoke Permissions: You can revoke extension permissions in chrome://extensions
Transparent Operations: All API requests are initiated only when you click "Check" or "Analyze"

Data Retention

Extension Side: No data is retained. All operations are stateless and temporary.

Server Side (api.layerweb.com.tr):

Standard access logs: Deleted automatically every 15 days
WAF security logs: Retained permanently only for malicious/abusive requests

⚖️ GDPR & KVKK Compliance

✓ GDPR Compliant: This extension complies with the General Data Protection Regulation (GDPR). We do not process personal data without user consent, and all processing is limited to the minimum necessary for functionality.

✓ KVKK Compliant: This extension complies with Turkey's Personal Data Protection Law (KVKK - Kişisel Verilerin Korunması Kanunu).

Legal Basis for Processing

User Consent: By installing and using this extension, you consent to the processing described in this policy
Legitimate Interest: Processing is necessary to provide the network analysis and security testing services you requested
Technical Necessity: Access logs are required for server security, performance monitoring, and abuse prevention

Data Protection Principles

Lawfulness, Fairness, Transparency: We clearly explain what data is processed and why
Purpose Limitation: Data is only used for network analysis and server security
Data Minimization: Only the minimum necessary data (domain/IP you enter) is processed
Storage Limitation: Access logs are deleted after 15 days; no user data is stored long-term
Integrity and Confidentiality: All API requests use HTTPS encryption
Accountability: We maintain this privacy policy and respond to data subject requests

Data Subject Rights

Under GDPR and KVKK, you have the right to:

Access your personal data (though we store none)
Rectify inaccurate data
Request deletion of your data (uninstall extension; server logs auto-delete after 15 days)
Object to data processing
Data portability
Withdraw consent at any time
Lodge a complaint with a supervisory authority

🔒 Security Measures

We implement multiple security layers to protect your data and ensure safe operation:

Content Security Policy (CSP) Protection

Strict CSP Rules Implemented:

No Inline Scripts: All JavaScript is externalized to prevent XSS attacks
No eval(): Dynamic code execution is blocked
Restricted Sources: Only whitelisted domains can be accessed
No Unsafe Inline Styles: Prevents CSS injection attacks
Frame Protection: Prevents clickjacking and iframe-based attacks

These CSP rules effectively prevent potential security issues including cross-site scripting (XSS), code injection, unauthorized data access, and malicious content loading.

Additional Security Measures

HTTPS Encryption: All API requests use secure HTTPS connections (TLS 1.3/1.2)
Input Validation & Sanitization: All user inputs are validated and sanitized before processing to prevent injection attacks
No Third-Party Scripts: No external JavaScript libraries are loaded from CDNs - everything is bundled
Web Application Firewall (WAF): Protects API servers from malicious requests and DDoS attacks
Minimal Permissions Model: Extension requests only the absolutely necessary permissions
Chrome Web Store Review: All code is reviewed and verified by Google before publication
Regular Security Updates: Security patches and improvements are released promptly
Secure Communication: All data transmission is encrypted end-to-end
No Remote Code Loading: Extension cannot download or execute remote code

✓ Your Data Is Safe: With our comprehensive security measures including strict CSP policies, HTTPS encryption, input validation, and WAF protection, your data and browsing activity remain secure at all times. We take a defense-in-depth approach to security.

⚠️ Security Notice: While we implement industry-leading security measures, no system can be 100% secure. Use this extension responsibly and only for legitimate network analysis purposes. Report any security concerns to us immediately.

📝 Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices, legal requirements, or regulatory guidance.

Notification: When we make changes, we will update the "Last Updated" date at the top of this page. For significant changes, we may notify users through the extension's update notes or Chrome Web Store listing.

Your Continued Use: By continuing to use the extension after changes are posted, you accept the updated privacy policy.

📧 Contact Us

If you have any questions, concerns, or requests regarding this privacy policy or data protection, please contact us:

Developer: Layerweb

Website: https://layerweb.com.tr

Support: For technical support, privacy inquiries, or data subject requests, please visit our website or contact us through the Chrome Web Store support page.

Exercising Your Rights

To exercise your GDPR/KVKK rights:

To stop data processing: Uninstall the extension
To delete server logs: Contact us via our website (logs auto-delete after 15 days)
For questions about WAF logs: Contact us with specific details about your concern

⚠️ Disclaimer

Educational & Professional Use Only: This extension is designed for network administrators, web developers, and security professionals for legitimate testing and analysis purposes only.

No Warranty: The extension is provided "as is" without warranty of any kind, express or implied. We are not responsible for any damages, data loss, or legal issues resulting from the use of this extension.

Third-Party APIs: The accuracy and availability of results depend on third-party API services. We are not responsible for the accuracy, reliability, privacy practices, or availability of these external services.

Legal Compliance: Users are responsible for ensuring their use of this extension complies with applicable laws and regulations in their jurisdiction. Do not use this tool for unauthorized access or malicious purposes.

Server Logs: While we minimize data retention, server logs may be retained for security purposes as described in this policy. Malicious use may result in permanent logging and potential legal action.