1 Introduction
AutoReject Cookies ("the Extension", "we", "our") is a Chrome browser extension developed by Bidjex. It automatically rejects cookie consent banners on websites, blocks ads and algorithmic content (Shorts, Reels, sponsored posts) on YouTube, Instagram, and Facebook, and includes a video-detection utility.
This Privacy Policy explains exactly what data the Extension accesses, what it stores locally on your device, what — if anything — it sends to external servers, and what it does not do. Every statement in this document is grounded in the Extension's source code.
Developer contact: bidjoexterminate@gmail.com
2 Information We Collect
2.1 Data Stored Locally on Your Device
All data below is stored exclusively in Chrome's chrome.storage.local or
chrome.storage.sync APIs on your own device. It is never
transmitted to our servers during normal operation.
| Storage Key(s) | What It Is | Why It Is Stored |
|---|---|---|
enabled, debugMode |
Boolean on/off toggles | Remember your global enable/disable preference and debug mode |
whitelistedSites |
List of domain names you excluded | Allow the extension to skip those sites on your request |
stats (rejected, shorts, reels, hidden, videos) |
Integer counters | Display the action counter in the popup and badge |
youtubeEnabled, instagramEnabled, cookiesEnabled |
Boolean feature toggles (sync storage) | Sync your per-feature preferences across your own Chrome profile |
ytAdBlockEnabled, ytAdBlockSafeMode |
Boolean toggles | Remember your YouTube ad-blocker mode |
fb_blocker_settings |
Object of boolean flags for individual Facebook filters | Remember which Facebook content types you want filtered |
fb_stats |
Integer counters (ads, reels, suggested) | Display Facebook-specific statistics in the popup |
theme |
"light" or "dark" string |
Remember your preferred UI theme |
No account, identity, or authentication data is stored.
2.2 Data Processed Transiently in Memory (Never Stored or Transmitted)
The following data is used in memory during operation and is never written to storage or sent anywhere:
- Page DOM content — read locally to detect and dismiss cookie banners. Page content is never recorded or transmitted.
-
Video/audio URLs detected on pages — identified by inspecting HTTP response
headers (
Content-Type,Content-Length) and DOM elements (<video src>,<a href>). Held in memory per tab; discarded when the tab closes or navigates. Shown to you in the popup so you can download a file; never sent to our servers. - Current tab URL / hostname — read to check the whitelist and pre-fill the bug report site field. Not stored beyond the extension's in-memory state for that session.
-
HTTP response headers — inspected by
chrome.webRequestto identify video files. Header values are not logged or stored.
2.3 Data You Voluntarily Submit (Bug Reports)
If you choose to submit a bug report via the in-extension form, the following data is sent to
our Cloudflare Worker proxy at
https://bug-report-proxy.supsupq.workers.dev:
| Field | Source |
|---|---|
email | Typed by you into the bug report form |
siteUrl | URL of the affected site (pre-filled, editable by you) |
description | Typed by you into the bug report form |
extensionName | Hardcoded string "AutoReject Cookie" |
timestamp | ISO 8601 timestamp generated at submission time |
navigator.userAgent, page content, or any data beyond what
you explicitly type. Your IP address reaches Cloudflare's infrastructure as part of standard
HTTP but is not logged or stored by us.
The Cloudflare Worker forwards reports to a private Discord channel for developer review. Bug reports are used solely for fixing reported issues. Submission is rate-limited to 3 reports per browser session.
3 Information We Do NOT Collect
- We do not collect browsing history. The Extension reads page content transiently; it does not record or transmit which URLs you visit.
- We do not use analytics — no Google Analytics, Mixpanel, Amplitude, Segment, or similar.
- We do not use crash / error reporting services — no Sentry, Bugsnag, or similar.
- We do not track you across websites.
- We do not build profiles about you or your behavior.
- We do not sell, share, or rent your data to any third party for commercial purposes.
- We do not transmit the content of pages you visit. Cookie banners are dismissed entirely locally.
- We do not access passwords, payment information, form inputs, or sensitive personal data.
- We do not use remote code execution. All scripts are bundled within the Extension package. The only remote network requests in normal operation are fetching a JSON rules file and (optionally) submitting a bug report you initiate.
4 How We Use Information
| Purpose | Data Used | Legal Basis (GDPR) |
|---|---|---|
| Remembering your settings | Locally stored preferences | Legitimate interest — necessary for the Extension to function as you configured |
| Detecting and rejecting cookie banners | Transient DOM access; locally cached CMP rules | Legitimate interest — core functionality you installed the Extension for |
| Blocking ads / Shorts / Reels on YouTube, Instagram, Facebook | Transient DOM access; local feature flags | Legitimate interest — core functionality you installed the Extension for |
| Displaying detected video URLs to you | Transient in-memory video list | Legitimate interest — core functionality you installed the Extension for |
| Fetching updated CMP detection rules |
GET request to https://cmp-rules-api.supsupq.workers.dev/rules —
no personal data sent (only static header X-Client-ID: autoreject-cookies)
|
Legitimate interest — keeping cookie-banner rules current |
| Processing bug reports | Email, site URL, description you typed | Consent — you voluntarily fill in and submit the form |
5 Data Storage and Security
5.1 Local Storage
All preferences and statistics are stored in Chrome's built-in
chrome.storage.local and chrome.storage.sync APIs on your device.
In the case of sync, Chrome synchronises this data across your own Chrome
profile via your Google account. We have no access to this data.
5.2 External Server Endpoints
| Endpoint | Purpose | Data Sent |
|---|---|---|
https://cmp-rules-api.supsupq.workers.dev/rules |
Fetch latest CMP detection rules (JSON) | None — GET request with static X-Client-ID header only |
https://bug-report-proxy.supsupq.workers.dev |
Receive bug reports from the in-extension form | Only data you typed into the bug report form (see §2.3) |
Both endpoints are operated via Cloudflare Workers (Cloudflare, Inc., US). Cloudflare processes network traffic as a data processor and applies its own privacy practices — see cloudflare.com/privacypolicy.
5.3 Security Measures
- No credentials, API keys, or webhook URLs are exposed in the Extension's source code. Sensitive routing is handled server-side in the Cloudflare Worker.
- The Extension's Content Security Policy (
script-src 'self'; object-src 'none') prevents execution of any remotely loaded script. - All user input in the bug report form is sanitized before transmission (HTML/script characters stripped, length limits enforced).
- Bug report submissions are rate-limited to a maximum of 3 per browser session.
6 Data Sharing and Third Parties
| Party | What Is Shared | Why |
|---|---|---|
| Cloudflare, Inc. | Network traffic to our two Worker endpoints | Infrastructure provider; acts as a data processor under a data processing agreement |
| Private Discord server (developer-controlled) | Contents of submitted bug reports only | Bug reports forwarded by the Cloudflare Worker for developer review |
7 Permissions Justification
Chrome Web Store policy requires a justification for every permission. Here is the complete list declared in manifest.json:
| Permission | Why It Is Required |
|---|---|
storage | Store your settings and action statistics locally on your device |
unlimitedStorage | Store an expanded set of CMP detection rules without hitting default storage quotas |
activeTab | Read the hostname of the active tab to check your whitelist and pre-fill the bug report form |
scripting | Inject the CMP API layer and YouTube/Facebook blocking scripts into page context |
webRequest | Inspect HTTP response headers to detect video/audio files for the video downloader |
downloads | Trigger browser downloads of video files detected on pages |
tabs | Query open tabs to broadcast settings changes; read current tab URL |
declarativeNetRequest | Block YouTube ad network request URLs via declarative rules — without reading page content |
webNavigation | Detect page navigation to clear the per-tab video list on navigation |
Host: https://bug-report-proxy.supsupq.workers.dev/* | Send bug reports to the Cloudflare Worker proxy |
Host: https://cmp-rules-api.supsupq.workers.dev/* | Fetch updated CMP detection rules |
| Host: YouTube, Instagram, Facebook | Run site-specific content scripts for ad/shorts/reels blocking on those platforms |
Host: https://*/*, http://*/* | Run the cookie-banner detection content script on any website |
8 Your Rights
8.1 GDPR — EU / EEA Residents
If you are located in the European Union or European Economic Area, the General Data Protection Regulation (GDPR) grants you the following rights:
- Right of access (Art. 15) — Request a copy of any personal data we hold about you. In practice, the only personal data we hold is in submitted bug reports.
- Right to rectification (Art. 16) — Request correction of inaccurate personal data.
- Right to erasure (Art. 17) — Request deletion of your data. To delete all local extension data, uninstall the Extension (Chrome removes all extension storage on uninstall).
- Right to restriction of processing (Art. 18) — Request that we restrict processing of your personal data.
- Right to data portability (Art. 20) — Request your data in a structured, machine-readable format.
- Right to object (Art. 21) — Object to processing based on legitimate interest.
- Right to withdraw consent — If you have submitted a bug report, contact us to request its deletion.
Legal basis for processing: All processing described in this policy is based on either (a) legitimate interest — core extension functionality you actively installed and configured — or (b) consent — voluntary bug report submission. No processing is based on a contract or legal obligation.
Controller / DPO contact: bidjoexterminate@gmail.com — we respond within 30 days.
You also have the right to lodge a complaint with your local supervisory authority. List of EU authorities: edpb.europa.eu.
8.2 CCPA / CPRA — California Residents
If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the CPRA grants you the following rights:
- Right to know — Know what categories of personal information we collect and how it is used. See Sections 2 and 4.
- Right to delete — Request deletion of personal information we have collected. Contact us at bidjoexterminate@gmail.com.
- Right to correct — Request correction of inaccurate personal information.
- Right to opt-out of sale or sharing — We do not sell or share your personal information for cross-context behavioral advertising or any commercial purpose. No opt-out mechanism is required because no sale or sharing occurs.
- Right to non-discrimination — We will not discriminate against you for exercising any of these rights.
CCPA Categories of Personal Information Collected
| CCPA Category | Collected? | Details |
|---|---|---|
| Identifiers (name, email, IP) | Only if you submit a bug report | Email address you provide voluntarily |
| Internet / network activity (browsing history, search history) | No | — |
| Geolocation data | No | — |
| Commercial information | No | — |
| Biometric information | No | — |
| Sensitive personal information | No | — |
9 Children's Privacy
The Extension does not target children and does not knowingly collect personal information from individuals under the age of 13 (or under 16 for EU residents under GDPR). If you believe a child has submitted a bug report containing personal information, please contact us at bidjoexterminate@gmail.com and we will delete it promptly.
10 International Data Transfers
The Extension's Cloudflare Worker endpoints are operated by Cloudflare, Inc., a US company. If you are located in the EU/EEA, data from bug reports you submit may be transferred to and processed in the United States. Cloudflare participates in the EU–U.S. Data Privacy Framework and applies Standard Contractual Clauses (SCCs) for EU data transfers. See Cloudflare's privacy policy for details.
11 Data Retention
| Data | Retention Period |
|---|---|
Local preferences (chrome.storage.local / sync) |
Until you uninstall the Extension or clear extension data manually in Chrome settings |
| Bug report submissions | Retained in the developer's Discord channel until manually deleted; deleted upon your request to bidjoexterminate@gmail.com |
12 Changes to This Policy
If we make material changes to this Privacy Policy, we will update the "Last Updated" date at the top of this page. For significant changes that affect your rights, we will note the change in the Extension's update release notes on the Chrome Web Store. Continued use of the Extension after the effective date of a revised policy constitutes acceptance of the changes.
13 Contact Information
For privacy-related questions, data subject requests, or other concerns:
- Developer: Bidjex
- Email: bidjoexterminate@gmail.com
- Privacy Policy URL: https://exterminate88.github.io/bidjex/privacy-policy.html
We aim to respond to all requests within 30 days.