OnToplist Browser Extension — Privacy Policy

Last updated: May 22, 2026

The OnToplist browser extension (“the extension”) is provided by OnToplist.com to help account holders manage their directory listings directly from their browser. This privacy policy describes what data the extension stores, what it transmits, and how to remove it.

This policy is specific to the browser extension. For the main website privacy policy, see our standard Privacy Policy.

What the extension stores

When you sign in through the extension popup, the following data is stored locally in your browser's extension storage (chrome.storage.local) — on your own device only:

  • A personal access token issued by ontoplist.com to authenticate API requests on your behalf.
  • Your account email address and basic profile metadata (account type, internal account ID).
  • An optional API base URL setting (used by developers running a local copy of the OnToplist application).

This data is not transmitted to any server other than ontoplist.com, and is not synced across devices through any Google account or third-party service.

What the extension transmits

The extension makes authenticated HTTPS requests exclusively to https://www.ontoplist.com and https://ontoplist.com. Each request includes your personal access token in the Authorization header so the OnToplist API can return information about your account, including:

  • Your listings and their statuses.
  • Category ranking position for each listing.
  • 30-day visitor statistics for each listing.
  • Google indexation status of each listing.
  • Pre-built share URLs for major social media platforms (Facebook, X, LinkedIn, WhatsApp, Reddit, Telegram).

The extension also lets you trigger server-side actions such as a fresh screenshot capture or an indexation re-check for your own listings.

What the extension does NOT do

  • The extension does not read or modify the content of web pages you visit.
  • The extension does not track your browsing activity, history, or tabs.
  • The extension does not contain any third-party analytics, advertising, or tracking SDKs.
  • The extension does not load or execute any remote code — all JavaScript is bundled inside the extension package.
  • The extension does not sell, share, or transfer your data to any third party.

Third-party services

The only external service the extension communicates with is OnToplist.com. When you click one of the social share buttons, the extension opens the corresponding sharing page (Facebook, X, LinkedIn, WhatsApp, Reddit, or Telegram) in a new browser tab — this is a standard URL navigation. No data is sent to those platforms from inside the extension itself; you control whether to complete the share on the platform's own page.

Permissions used and why

  • storage — to keep your sign-in token locally so you don't have to log in every time you open the popup.
  • contextMenus — to add the “Submit this page to OnToplist” right-click menu item.
  • alarms — to periodically refresh the pending-submissions badge count on the toolbar icon.
  • Host access to ontoplist.com — to make authenticated API requests to your OnToplist account.

How to remove your data

You can remove all data the extension has stored in two ways:

  • Click Sign out in the extension popup. This revokes the access token on the server and clears all locally stored data.
  • Uninstall the extension from chrome://extensions/. This automatically removes all locally stored data.

If you would like your OnToplist account itself to be deleted, please contact us at the address below.

Changes to this policy

We may update this policy from time to time. Material changes will be reflected by updating the “Last updated” date at the top of this page.

Contact

If you have any questions about this privacy policy or about how the extension handles your data, please contact us at support@ontoplist.com.