Privacy after installing Fake Data extension

Out of the box, Fake Data extension runs completely offline, it does not collect any data and it is not connecting to any remote server at all. Every learned field, customised generator and every custom script written inside Fake Data extension are stored only locally on user's machine and not backed up anywhere online.
It is important to understand that your privacy is very important while using Fake Data extension, and all measures will be taken in order to protect your personal data.

Browser permissions

Fake Data extension requires the following permissions in order to be installed in your browser and run properly:

• activeTab - is a core permission that must be available in order for Fake Data extension to be able to insert values in form inputs, read fields data, attributes, placeholders. The browser will warn that with this permission, extensions can read all website data and contents. While in theory this is true, Fake Data extension does not do that. This can and is confirmed by continuous approval processes that happen on every update. It can also be confirmed by debugging the extension and seeing that no sensitive data leaves the user's computer
• contextMenus - permission required for Fake Data extension in order to be able to create the "Fake Data" submenu when right-clicking an element in a page.
• storage - necessary for storing customisations and learned fields for later use

Additionally, the following optional permission may be requested when making specific actions inside Fake Data extension:

• notifications - this is an optional permission and is only requested when user enables Email and SMS notifications. (Feature available for Ultra subscribers)

Data collected during payments

Fake Data extension is free to use for unlimited period of time but with limited functionality. To unlock the full power of the extension, several options are available:

Purchasing a one-time Pro license:

When purchasing a Pro license, you will be asked for your name and email address. These will be embedded and encrypted inside your license code. This will allow Fake Data extension to validate licenses offline, without an intermediary server and at the same time show who the license owner is.
A copy of the purchased license code will also be stored on the server for backup in case the user loses it.
All of the features unlocked by the Pro license are completely offline and none of them will enable Fake Data extension to connect to a remote server. Neither the validation of the license.

Processing the payments:

When a Pro license is going to be purchased, you will be prompted to choose between two payment processors: PayPal or Stripe. Please refer to their privacy and policy in order to find out what data is collected and how it is stored by them.

Enabling Ultra Subscription:

There is another set of features inside Fake Data extension that can only be unlocked with an Ultra subscription, paid monthly or yearly. In order to enable those, you will have to allow Fake Data extension to connect to a cloud server and send data back and forth. Before enabling it, Fake Data extension will prompt you with a confirmation message and a warning letting you know that you will be going to give Fake Data extension permissions to communicate over the internet with a Fake Data server.
During the communication between Fake Data extension and Fake Data server, the Pro license code is used as authentication method and identification of the user.
Enabling Ultra Subscription features will only make Fake Data extension to send and receive data over the internet that is related to those particular features. Anything else, like custom generators, learned fields, custom scripts will still remain on your machine as before, and won't be sent online to the Fake Data server.

Subscribing to Ultra Subscription:

Before starting a subscription, a Pro license is required to be active.
In order to activate the Ultra subscription you will have to provide your payment information again through Stripe. This time, your payment method will be stored securely inside Stripe, in order to allow easier recurring payments. You can always review and manage this data from your Stripe customer portal which is accessible through Fake Data extension.

Emails and SMS messages provided by Ultra Subscription:

Ultra Subscription enables features like generating email addresses, receiving email messages and receiving sms messages.
After activating your subscription, you will be assigned a dedicated phone number that you can use to receive incoming SMS and MMS messages. This number is only assigned to you and nobody else.
You will also be able to generate unlimited email addresses that will catch all incoming email messages. All these addresses are unique, random and dedicated only to your account. Nobody else will receive an email address generated before, with some exceptions described below.
A generated email address is yours for a limited amount of time until it is being deleted for inactivity. If you generate an email address and it does not receive any message at all, it will be deleted after 3 months. Otherwise, an email address will be considered inactive and deleted after 1 year since the last email message was received. Once an email address has been deleted, it can be assigned again to another Fake Data user and you will not be able to receive messages to it. Any message already received will still be linked to your account.
In order to keep an email address permanently, you will have to receive at least 1 email message per year per address.
Phone numbers will be automatically unassigned from your account if you let your Ultra subscription to expire or request it's cancellation. Once a phone number is unassigned, it may be reused by other users.

Storing messages:

All received emails and SMS messages are stored on Fake Data server and are only accessible to the Fake Data account that the recipient belongs.
When you delete a message from your Fake Data extension, it will be permanently removed from Fake Data server too without any possibility of recovering it.
SMS messages are processed by Twilio and email messages are processed by AWS SES. In addition to that, attachments inside emails and SMS messages are stored in AWS S3 until deletion of the message from Fake Data extension. Please refer to their privacy policy if more clarifications are necessary on how they store the data on their end.

Using Datasets from Google Sheets:

"Datasets" is a feature in Fake Data Extension that allows users to bring their own custom data when filling web forms instead of generating random values. Datasets from Google Sheets allows importing such data directly from Google Sheets as opposed to importing from a CSV file.

Fake Data extension does not collect any personal information from the user's Google account or Google Drive account, and it does not send any data to any remote server. All data that is required for Datasets feature is stored and manipulated locally, without leaving the user's browser. Please see below the permissions required and the reason for them.

In order for Fake Data extension to work properly when adding a new Dataset from Google Sheets, the following permissions will be required during the authentication process with your Google account:

• https://www.googleapis.com/auth/drive.metadata.readonly - Required in order to display a list of Google Sheets files from your Google Drive account. (feature be available in a future update)
• https://www.googleapis.com/auth/spreadsheets.readonly - Required to read the contents of the selected Google Sheet file.

Both permissions are requested only with read-only access. Fake Data extension will not be able to make any changes to these files.

When needed, Fake Data extension will only extract a list of Google Sheets files from your Google Drive account, and from these files will only request a list of sheets and the data values from them.

All requests are made locally on user's machine, nothing leaves the extension to any external server. In fact all these can be seen by the user through the Network tab under developer tools of each browser.

During the authentication process, Fake Data requests access to your Google account through the official OAuth protocol. During the OAuth redirect URL step, the user will be taken to a page located at https://www.fakedata.pro/oauth/extension. The access code for offline use is passed as hash to the URL, so the browser will not send it to www.fakedata.pro server, and at the same time will allow Fake Data extension to capture it and use it locally. This makes even the authentication step private to the user, and no sensitive information leaves the browser.

When saving a new Dataset in Fake Data Extension, a "refresh_token" for your Google account is saved along with it in order to reload the Google Sheet data at the specified interval.

Limited Use Requirements

Fake Data extension complies with Google API Services User Data Policy, including the Limited Use requirements.