Session Vault Privacy Policy

Effective date: June 24, 2026

Session Vault is a Chrome extension that locks selected website sessions, or all website cookies if enabled, behind a local encrypted vault.

Data Session Vault Processes

Session Vault processes the following data locally in the user's browser profile:

• Cookie names, values, domains, paths, expiration dates, security attributes, same-site attributes, store IDs, and partition keys for protected sites or all websites when all-cookie mode is enabled.
• Protected site/group configuration.
• Protected tab URLs needed to shield tabs while locked and restore them after unlock.
• Extension settings such as idle timeout, lock-on-computer-lock, and all-cookie mode.
• Encrypted vault records, transaction journal metadata, and diagnostics that do not include cookie values, passwords, or encryption keys.

Session Vault does not intentionally collect page contents, form contents, personal communications, financial information, health information, precise location, or browsing history beyond the cookie domains and tab URLs needed to provide its locking feature.

How Data Is Used

Session Vault uses this data only to:

• Encrypt protected cookie snapshots.
• Delete live protected cookies while locked.
• Restore protected cookies after password unlock.
• Block protected web requests while locked.
• Shield protected tabs while locked.
• Recover safely after browser restart, extension restart, or interrupted lock/unlock transactions.

Local Storage and Encryption

Cookie values are encrypted locally with AES-GCM before being stored in extension persistent storage.

The master password is never stored. The vault master key is wrapped with a password-derived key and stored only as authenticated ciphertext. When unlocked, the unwrapped vault key is kept in Chrome's in-memory extension storage and is cleared when the browser restarts, the extension reloads, or the vault locks.

Network Transfer

Session Vault makes no external network requests of its own.

Session Vault does not transmit cookie values, passwords, encryption keys, protected domain lists, browsing data, vault contents, analytics, telemetry, crash reports, or usage events to the developer or to third parties.

Third-Party Sharing and Sale

Session Vault does not sell, rent, share, transfer, or disclose user data to third parties for advertising, analytics, profiling, credit-worthiness, or data brokerage.

Session Vault does not use user data for personalized advertising.

Chrome Web Store Limited Use Statement

The use of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.

Session Vault limits use of user data to providing and improving its single purpose: locking and restoring local browser cookie sessions.

Data Retention and Deletion

Encrypted vault data and settings remain in the user's local browser profile until the user removes protected groups, clears extension storage, or uninstalls the extension.

Uninstalling Session Vault removes extension storage managed by Chrome. Cookies restored into Chrome are controlled by Chrome and the websites that set them.

Security Limits

Session Vault is intended to reduce risk from an unattended, still-signed-in browser. It does not protect against malware, administrator/root access, malicious extensions, memory inspection while unlocked, disabling or uninstalling the extension, or sensitive content that is already visible on screen before lock.

Session Vault does not encrypt localStorage, IndexedDB, CacheStorage, service workers, or browser cache in the first release.

Contact

Publisher/contact: Michael Ashworth michael.ashworth@hotmail.com.