Privacy Policy

1. General Information

The Brujula Security extension (hereinafter, the Extension) is developed and distributed by Brujula Cripto with the purpose of protecting users from phishing and malicious sites in the crypto ecosystem.

Responsible: Brujula Cripto
Website: brujulacrypto.com
Contact: soporte@brujulacrypto.com
Source code: GitHub

Support this open source project

2. Data We DO NOT Collect

The Extension is designed with a Privacy-First approach. We explicitly declare that we DO NOT collect:

❌ Personally identifiable information (name, email, address, etc.)
❌ Browsing data or web history
❌ Crypto wallet addresses or public/private keys
❌ Information about balances or transactions
❌ Tracking cookies or unique identifiers
❌ Usage data, metrics, or analytics
❌ Device or operating system information
❌ IP address or geolocation
❌ Passwords or authentication data
❌ History of visited sites

3. How the Extension Works

The Extension works through a layered protection system:

🎯 9 Detection Methods

✓ Typosquatting detection (domains similar to legitimate ones)
✓ Unverified crypto sites
✓ Wallet connection detection
✓ Analysis of suspicious words
✓ Domains with high-risk TLDs
✓ Critical alert if seed phrase is requested
✓ Homoglyph character detection
✓ URL structure analysis
✓ Verification against legitimate sites database

🔄 Analysis Process

1. Web page loads normally
2. Extension analyzes domain locally
3. Compares against local database (107 verified sites)
4. Runs detection algorithms in your browser
5. Shows visual alerts according to threat level

🚦 Visual Alert System

🟢 Green badge: Officially verified site
🟡 Yellow modal: MEDIUM threat detected
🔴 Red modal: HIGH threat detected

4. Requested Permissions

The Extension requests only the minimum necessary permissions:

📍 activeTab

Analyze the domain of the active tab: Analyze the domain of the active tab
Necessary to detect threats in real-time: Necessary to detect threats in real-time
Cannot read content from other tabs: Cannot read content from other tabs

💾 storage

Save user configuration and whitelist: Save user configuration and whitelist
Allows customization of alerts and trusted sites: Allows customization of alerts and trusted sites
Only stores local preferences: Only stores local preferences

📝 scripting

Inject visual alert content: Inject visual alert content
Shows badges and warning modals: Shows badges and warning modals
Only injects when threat is detected: Only injects when threat is detected

🔗 tabs

Access URLs of active tabs: Access URLs of active tabs
Necessary for domain analysis: Necessary for domain analysis
Does not access internal page content: Does not access internal page content

❌ Permissions We DO NOT Request

🚫 We don't automatically download files
🚫 We don't read your clipboard
🚫 We don't access browsing history
🚫 We don't access bookmarks
🚫 We don't read cookies from other sites
🚫 We don't intercept network traffic

5. Security and Transparency

🔓 Open Source Code

The complete source code is publicly available on GitHub for auditing.

🚫 No External Connections

The extension does NOT make any requests to remote servers. Works 100% offline.

💻 Local Processing

All detection logic runs in your browser. No communication with external APIs.

🔒 Strict Content Security Policy

We implement CSP that prevents external code execution.

6. Third-Party Services

The Extension does NOT integrate any third-party services:

🚫 No analytics services (Google Analytics, etc.)
🚫 No advertising platforms
🚫 No tracking systems
🚫 No external CDNs
🚫 No third-party APIs

7. User Rights

Since the Extension does not collect data, we recognize the following rights:

ℹ️ Right to Information

This policy provides full transparency about the operation.

📦 Right to Portability

Your whitelist and configuration can be exported at any time.

🗑️ Right to Deletion

You can uninstall the extension without leaving any data trace.

🔍 Right of Access

The source code is available for public review.

8. Privacy Settings

The extension includes advanced privacy controls:

🎖️ Badge Control

Enable/disable indicators on the extension icon.

🔔 Alert Control

Configure what level of alerts you want to see (HIGH, MEDIUM, LOW).

✅ Whitelist System

Mark sites as trusted to not receive future alerts.

🌍 Language Preference

Choose between Spanish and English. Saved locally.

9. Limitation of Liability

⚠️ USE AT YOUR OWN RISK

The Extension is provided AS IS and AS AVAILABLE.

👤 User Responsibility

You are responsible for verifying the legitimacy of websites before connecting wallets.

⚖️ Limitations

Brujula Cripto is NOT responsible for:

• Loss of funds from undetected phishing
• Direct, indirect, or consequential damages
• False positives on legitimate sites
• Incompatibilities with future browser versions

This extension is an additional security tool, not a substitute for good security practices.

10. Legal Compliance

This extension complies with:

🇪🇺 GDPR (EU)

General Data Protection Regulation. By not collecting data, we comply by default.

🇺🇸 CCPA (California)

California Consumer Privacy Act. We do not sell or share information.

🏪 Chrome Web Store

Google's developer policies. Minimum permissions.

🇪🇸 LOPDGDD (Spain)

Organic Law on Data Protection and Guarantee of Digital Rights.

11. Policy Updates

We reserve the right to modify this policy. Changes will be notified through:

📄 Update of this web page
📅 Modification of the update date
🔔 Notification in extension updates (if applicable)

Review this policy periodically to stay informed.

12. Contact and Support

For inquiries, suggestions, or security reports:

📧 Support Email: soporte@brujulacrypto.com
🌐 Website: brujulacrypto.com
💻 GitHub Repository: GitHub

🔐 Security Reports

If you discover a vulnerability, contact us privately before disclosing it.

📋 Executive Summary

✅ Total Privacy: We absolutely do not collect any data
✅ Local Processing: Everything happens in your browser
✅ Open Source: Publicly auditable code
✅ No Servers: Zero external connections
✅ Minimal Permissions: Only what is strictly necessary

100% Privacy Guaranteed