Privacy Policy for ClickFox Chrome Extension

Last Updated: December 2025

Introduction

ClickFox ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use the ClickFox Chrome extension.

Important: File Processing

ClickFox uses a streaming architecture that transfers files directly from the source URL to your Dropbox account without storing, caching, or analyzing file contents on our servers. Files are processed in memory using streaming pipelines and are never written to disk or stored in any persistent storage. We do not have access to, analyze, or retain the contents of files you download.

Information We Collect

Data Stored Locally

The ClickFox extension stores the following information locally on your device using Chrome's local storage:

User ID: A unique identifier associated with your account on our backend service
Email Address: Your Dropbox account email address (if provided)
Access Token: A backend authentication token (JWT) used to authorize API requests to our service
Refresh Token: A token used to obtain new access tokens when the current access token expires

All authentication tokens are stored locally in your browser using Chrome's secure local storage API and are never shared with third parties except our backend service for authentication purposes.

Data Sent to Our Server

When you use ClickFox, the following information is sent to our backend server:

Authenticated Requests: All API requests include your access token in the Authorization header for secure authentication
User ID: To identify your account and manage your download tasks
Source URL: The URL of the file you want to download to Dropbox
Target Path: Optional destination path in your Dropbox account
OAuth Authorization Code: Used for initial Dropbox authentication (processed securely and immediately exchanged for tokens, not stored)
Refresh Token: Used to obtain new access tokens when your current token expires

Data Processed by Dropbox

ClickFox uses Dropbox OAuth for authentication. When you authorize the extension:

Dropbox processes your authentication credentials according to Dropbox's Privacy Policy
We receive an access token that allows us to upload files to your Dropbox account
We do not have access to your Dropbox password or other Dropbox account information beyond what is necessary for file uploads

How We Use Your Information

We use the collected information solely for the following purposes:

Authentication: To authenticate you with our backend service and Dropbox, and maintain your session using access and refresh tokens
File Downloads: To stream files directly from the URLs you provide to your Dropbox account without intermediate storage
Task Management: To track and display the status of your download tasks
Service Operation: To provide, maintain, and improve the ClickFox service

File Processing and Storage

No File Storage or Analysis

ClickFox is designed with privacy and security as core principles:

No Intermediate Storage: Files are streamed directly from the source URL to Dropbox using in-memory pipelines. Files are never written to disk or stored on our servers.
No Content Analysis: We do not read, analyze, scan, or inspect the contents of files you download. Files are transferred as binary streams without any content examination.
No Caching: Files are not cached, buffered, or retained in any form after the transfer is complete.
Streaming Architecture: Our backend uses streaming pipelines that process files in memory chunks, ensuring data flows directly from source to Dropbox without persistent storage.

Only metadata (file name, size, URL) is stored for task management purposes. File contents are never stored or accessible to us.

Data Storage and Security

Local Storage: Your user ID, email, access token, and refresh token are stored locally in your browser using Chrome's secure local storage API
Server Storage: Your user ID, download task metadata (URL, file name, size, status), and encrypted Dropbox access tokens are stored on our secure backend server
Token Security: Access tokens are transmitted securely using HTTPS and Bearer token authentication. Refresh tokens are used only to obtain new access tokens and are stored securely
Dropbox Storage: Files you download are stored in your Dropbox account according to Dropbox's terms and privacy policy
Security: We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction

Data Sharing

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

Dropbox: We share necessary authentication information with Dropbox to enable file uploads to your account. File contents are streamed directly to Dropbox without passing through our storage systems
Service Providers: We may use third-party service providers to help operate our service, but they are contractually obligated to protect your information
Legal Requirements: We may disclose your information if required by law or to protect our rights and safety

Your Rights

You have the following rights regarding your data:

Access: You can view your stored user ID and email in the extension's profile tab
Deletion: You can delete your data by logging out of the extension, which removes locally stored information including all authentication tokens
Control: You can revoke Dropbox access at any time through your Dropbox account settings
Token Revocation: You can revoke backend authentication by logging out, which invalidates your access and refresh tokens

Data Retention

Local Data: Stored on your device until you uninstall the extension or log out. All tokens are immediately removed upon logout
Server Data: Download task metadata is retained for operational purposes and may be deleted after tasks are completed. Authentication tokens are stored securely and can be revoked at any time
File Contents: Files are never stored on our servers. They are streamed directly to your Dropbox account
Dropbox Data: Files uploaded to Dropbox are retained according to your Dropbox account settings

Children's Privacy

ClickFox is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by updating the "Last Updated" date at the top of this policy. You are advised to review this Privacy Policy periodically for any changes.

Contact Us

If you have any questions about this Privacy Policy, please contact us:

Email: clickfoxapp@gmail.com

Compliance

This Privacy Policy complies with:

Chrome Web Store Developer Program Policies
General Data Protection Regulation (GDPR) requirements
California Consumer Privacy Act (CCPA) requirements

Note: This privacy policy is required by Chrome Web Store for extensions that handle user data. ClickFox only collects and uses data necessary to provide the file download service to your Dropbox account. We prioritize your privacy by ensuring files are never stored or analyzed on our systems.