Compliance

Extension Data Disclosure

Last updated: April 1, 2026

This page is a public, reviewer-friendly summary of what the StayLogged browser extension accesses, what data it transmits, and how the product limits the use of that data.

Reviewer Summary

StayLogged is an account-based browser extension for encrypted browser cookie backup, restore, and sync. The extension requests optional cookies and <all_urls> access only when the user enables the product. That access is needed because browser cookies are tied to individual site domains and paths. Cookie payloads are encrypted locally before they are sent to StayLogged services for backup and sync delivery.

Permissions Requested

cookies

  • Used to read cookies from a selected browser cookie store.
  • Used to write cookies back during restore.
  • Used to remove or replace cookies during sync application.
  • Used to observe cookie changes for enabled sync rules.

<all_urls>

  • Used because cookies are scoped per domain and path.
  • Required for cookie operations across the domains the user chooses to back up or sync.
  • Not used to scrape page content or inspect browsing sessions as a separate analytics feature.

What Stays Local

  • Local encryption and decryption of cookie payloads.
  • Local storage of key material and local database state used by the extension.
  • Local rule configuration, runtime state, mutation queues, and browser-side diagnostics unless the product explicitly sends operational records to the service.

What Leaves the Browser

  • Encrypted cookie backup payloads.
  • Encrypted cookie sync mutations.
  • Account registration, login, session, device, and authorization data needed to operate the account-based service.
  • Operational metadata such as device identifiers, account identifiers, session identifiers, cloud store identifiers, timestamps, and audit/security records used to run the service.

Remote Services Used by the Extension

  • HTTPS API requests for account registration, sign-in, session refresh, device management, backup management, subscription redemption, and cloud store management.
  • WebSocket connections for encrypted sync delivery after the user enables sync and signs in.

Encryption and Server Visibility

StayLogged is designed so that cookie backup and sync payloads are encrypted on-device before upload. The server needs account and operational metadata to authenticate devices and deliver service features, but encrypted cookie payloads are intended to remain unreadable to the operator without device-held keys.

What the Extension Does Not Do

  • It does not request cookie access silently at install time; permission is requested in product flow.
  • It does not use remote hosted code to execute extension logic.
  • It does not sell user data for advertising.
  • It does not treat browsing history as a separate monetized dataset.

Whether the Core Feature Works Without Optional Permissions

No. The core product feature is encrypted browser cookie backup, restore, and sync. Without optional cookies and <all_urls> access, those features cannot function.

Deletion and Support

Users can request account deletion and support by contacting support@staylogged.com. The public deletion workflow is described on the account deletion page.

Related Compliance Pages

Review the full privacy and service terms pages for the complete legal and operational context.

Privacy PolicyTerms of ServiceAccount Deletion