Privacy Policy — Utiq Detector extension
Install the Utiq Detector extension
Detects Utiq on the sites you visit, right in your browser.This policy explains what the Utiq Detector browser extension (Chrome and Firefox) does with data. In short: the extension analyses pages locally in your browser and sends nothing about the sites you visit. The only data that ever leaves your browser is a single domain name, and only when you explicitly click "Report this site".
Last updated: 14 June 2026.
Who is responsible
The Utiq Detector extension and the reference site utiq-tracker.online are published by Christophe Boutry, Paris (75012), France, acting as data controller. Contact for any privacy question: contact@christopheboutry.com.
What the extension does — entirely on your device
To tell you whether the current site uses Utiq, the extension inspects the page locally, inside your browser: page scripts, the window.Utiq object, localStorage entries (utiqPass, mtid, atid), utiq* cookies, DOM selectors, footer text, and network requests observed in read-only mode. None of this analysis is ever sent anywhere. Nothing about the pages you visit, your browsing history, your cookies or your identifiers leaves your device.
What we never collect
- No full URLs, paths, query strings or page titles.
- No browsing history.
- No cookies, no Utiq identifiers, no personal data.
- No analytics, no advertising, no tracking, no third-party SDK, no profiling.
- We never sell or share your data. There is nothing to sell.
Data that does leave your browser
There are only two network exchanges, and neither reveals what you browse.
1. Downloading the reference list. Every six hours the extension fetches the public list of known Utiq sites (sites.json) from utiq-tracker.online, with a GitHub mirror as a fallback. This is an ordinary HTTPS request: it tells our server only that "an extension asked for the list", not which sites you visit. The site is served behind Cloudflare (CDN and abuse protection), which processes standard technical metadata (IP address, user agent) transiently according to Cloudflare's privacy policy. Our origin server keeps no access logs for these downloads (web-server access logging is disabled), and we make no personal use of them.
2. Reporting a site — only when you click. If you choose to press "Report this site" on a site that uses Utiq but is missing from the list, the extension sends a single request to /api/v1/report containing only:
domain— the bare hostname (e.g.example.com), with no path, query or page title;detected_by— the technical reason it was flagged (e.g.script_src);extension_version— the extension version.
That is the entire payload. Your IP address is never stored with a report: it is used only momentarily, in memory, to rate-limit abuse (a sliding one-hour window), then discarded. Reports are stored as a domain with a counter, contain no personal data, and exist only to help us verify and add genuine sites to the public list.
What is stored locally on your device
Using your browser's chrome.storage.local (never transmitted), the extension keeps: the cached copy of the reference list, and the list of domains you have chosen to report (reported_domains, so you are not asked twice). You can clear this at any time by removing the extension.
Browser permissions and why they are needed
storage— cache the reference list locally.alarms— refresh that list every six hours.activeTab/scripting— inspect the current page to detect Utiq.webNavigation— know which site is in front so it can be compared to the list.webRequest— observe network calls to Utiq, in read-only mode (no request is blocked or modified).host_permissions <all_urls>— allow detection to run on any site you visit.
These permissions serve detection only. They are not used to collect or transmit your browsing.
Legal basis (GDPR)
For EU users: the local analysis involves no processing of personal data by us, since nothing leaves your device. Sending a report relies on your explicit consent — the deliberate click on "Report this site". The transient use of your IP for rate limiting relies on our legitimate interest in keeping the service available and free of abuse; it is not stored.
Retention
- List downloads: no access logs retained on our origin server; Cloudflare metadata is handled under its own policy.
- Report IP addresses: never stored — kept in memory at most one hour for rate limiting.
- Reports: kept as domain + counter (no personal data) until reviewed, then either added to the public list or discarded.
- Local data on your device: kept until you clear it or remove the extension.
Sharing and third parties
We do not share data with advertisers or data brokers. The only third parties involved are infrastructure providers acting on our behalf: Cloudflare (CDN and security) and GitHub (mirror of the public list). The public site list itself is open data (CC BY 4.0) and contains no information about you.
Your rights
Under the GDPR you have rights of access, rectification, erasure, restriction, objection and portability. Because the extension holds no personal data about you and reports contain none, in practice there is little for us to act on — but you can contact contact@christopheboutry.com with any request or question, and you may lodge a complaint with your supervisory authority (in France, the CNIL).
Children
The extension is not directed at children and collects no data from anyone.
Changes to this policy
We may update this policy as the extension evolves. The "last updated" date above always reflects the current version, and material changes will be noted on this page and in the extension's listing on the stores.
This page
This page itself contains no tracker, no analytics and no third-party script.