Privacy Policy

Overview

Quickfill (the “Extension”) helps you autofill OTP / 2FA codes from your email, on demand. We take privacy seriously and aim to collect as little data as possible.

Data collection

• Local storage: The Extension stores minimal settings and account state in Chrome extension storage (chrome.storage).
• OAuth tokens: If you use multi-account sign-in (web OAuth flow), the Extension stores refresh tokens in chrome.storage.local (per account) so it can fetch OTP emails when you ask it to. If you use the default Chrome Identity sign-in, Chrome manages token caching and the Extension does not store tokens itself.
• No tracking: We do not track your browsing activity.

Data usage

Stored data is used only to provide the Extension’s core functionality (sign-in state, preferences, and retrieving OTP emails when requested). We do not sell your data.

Permissions

The Extension requests the following permissions to function:

• Identity / Identity email: to sign in with Google.
• Storage: to save settings and (for multi-account) refresh tokens locally.
• ActiveTab: to fill the OTP into the page you are currently using.
• Scripting: to inject the fill action into the active page when you trigger it.
• Context menus: to provide quick actions.
• Host permissions: to call Google APIs needed for sign-in and reading email metadata/content strictly for OTP retrieval (https://www.googleapis.com/*, https://oauth2.googleapis.com/*).

Third parties

The Extension communicates with Google services (OAuth and Gmail API) to retrieve OTP emails when you request it. We do not share your data with other third parties.

Security

Data is stored in Chrome’s extension storage. Network requests are limited to Google endpoints required for authentication and Gmail access.

Changes to this policy

We may update this Privacy Policy from time to time. Any changes will be posted here with an updated date.

Contact

If you have questions about this Privacy Policy, contact us at nijinsha23@gmail.com.