Privacy Policy — Utiq Detector extension

Install the Utiq Detector extension

Detects Utiq on the sites you visit, right in your browser.

This policy explains what the Utiq Detector browser extension (Chrome and Firefox) does with data. In short: the extension analyses pages locally in your browser and sends nothing about the sites you visit. The only data that ever leaves your browser is a single domain name, and only when you explicitly click "Report this site".

Last updated: 14 June 2026.

Who is responsible

The Utiq Detector extension and the reference site utiq-tracker.online are published by Christophe Boutry, Paris (75012), France, acting as data controller. Contact for any privacy question: contact@christopheboutry.com.

What the extension does — entirely on your device

To tell you whether the current site uses Utiq, the extension inspects the page locally, inside your browser: page scripts, the window.Utiq object, localStorage entries (utiqPass, mtid, atid), utiq* cookies, DOM selectors, footer text, and network requests observed in read-only mode. None of this analysis is ever sent anywhere. Nothing about the pages you visit, your browsing history, your cookies or your identifiers leaves your device.

What we never collect

Data that does leave your browser

There are only two network exchanges, and neither reveals what you browse.

1. Downloading the reference list. Every six hours the extension fetches the public list of known Utiq sites (sites.json) from utiq-tracker.online, with a GitHub mirror as a fallback. This is an ordinary HTTPS request: it tells our server only that "an extension asked for the list", not which sites you visit. The site is served behind Cloudflare (CDN and abuse protection), which processes standard technical metadata (IP address, user agent) transiently according to Cloudflare's privacy policy. Our origin server keeps no access logs for these downloads (web-server access logging is disabled), and we make no personal use of them.

2. Reporting a site — only when you click. If you choose to press "Report this site" on a site that uses Utiq but is missing from the list, the extension sends a single request to /api/v1/report containing only:

That is the entire payload. Your IP address is never stored with a report: it is used only momentarily, in memory, to rate-limit abuse (a sliding one-hour window), then discarded. Reports are stored as a domain with a counter, contain no personal data, and exist only to help us verify and add genuine sites to the public list.

What is stored locally on your device

Using your browser's chrome.storage.local (never transmitted), the extension keeps: the cached copy of the reference list, and the list of domains you have chosen to report (reported_domains, so you are not asked twice). You can clear this at any time by removing the extension.

Browser permissions and why they are needed

These permissions serve detection only. They are not used to collect or transmit your browsing.

Legal basis (GDPR)

For EU users: the local analysis involves no processing of personal data by us, since nothing leaves your device. Sending a report relies on your explicit consent — the deliberate click on "Report this site". The transient use of your IP for rate limiting relies on our legitimate interest in keeping the service available and free of abuse; it is not stored.

Retention

Sharing and third parties

We do not share data with advertisers or data brokers. The only third parties involved are infrastructure providers acting on our behalf: Cloudflare (CDN and security) and GitHub (mirror of the public list). The public site list itself is open data (CC BY 4.0) and contains no information about you.

Your rights

Under the GDPR you have rights of access, rectification, erasure, restriction, objection and portability. Because the extension holds no personal data about you and reports contain none, in practice there is little for us to act on — but you can contact contact@christopheboutry.com with any request or question, and you may lodge a complaint with your supervisory authority (in France, the CNIL).

Children

The extension is not directed at children and collects no data from anyone.

Changes to this policy

We may update this policy as the extension evolves. The "last updated" date above always reflects the current version, and material changes will be noted on this page and in the extension's listing on the stores.

This page

This page itself contains no tracker, no analytics and no third-party script.

← Back to home