Privacy Policy

ARGUS (“the Extension”) is a cybersecurity investigation and webpage analysis platform built as a Chrome browser extension. It provides security analysts, SOC teams, and threat hunters with tools to analyse web pages, network headers, scripts, and potential threats directly within the browser.

This Privacy Policy describes how ARGUS handles data when you install and use the Extension. By installing ARGUS, you agree to the practices described in this policy.

When you perform a scan or investigation, ARGUS analyses the current webpage and processes the following categories of data locally within your browser:

ARGUS uses the following browser storage mechanisms, all of which reside entirely on your local machine:

• chrome.storage.local — Persistent storage for settings, scan history, investigations, team data, and cached results. This data persists across browser sessions and is only accessible to the ARGUS extension.
• chrome.storage.session — Ephemeral storage for temporary session data such as active scan state. This data is automatically cleared when you close your browser.
• In-Memory — Active scan processing and real-time analysis data is held in the extension’s service worker memory and is discarded when the worker becomes idle or the browser is closed.

Data retention policies:

• Scan history is retained until you manually delete it or use the “Clear All Data” function in Settings
• Session data is automatically purged on browser close
• You may export your full dataset as JSON from the Settings panel at any time
• Uninstalling the extension removes all stored data

ARGUS does not share your data with any third parties for advertising, analytics, or tracking purposes. The extension may communicate with external services only in the following scenarios, all of which require your explicit action or configuration:

• AI/LLM Providers — When you configure and use AI analysis features, page content may be sent to your chosen provider (OpenAI, Anthropic, Google AI, or a custom endpoint). You supply the API key and control which provider is used.
• Threat Intelligence APIs — If you configure VirusTotal, AbuseIPDB, Shodan, or similar threat-intel services, specific IOCs (URLs, hashes, IPs) may be queried against those APIs using your own API keys.
• WHOIS / DNS Lookups — Domain information lookups may query public WHOIS and DNS services to provide registration and infrastructure data about scanned domains.

ARGUS does not include:

• Analytics or telemetry SDKs (no Google Analytics, Mixpanel, Amplitude, etc.)
• Advertising networks or tracking pixels
• Crash reporting services that transmit data externally
• Any “phone home” functionality to ARGUS-owned servers

ARGUS requests only the permissions necessary for its cybersecurity analysis features. Below is a full explanation of each permission and why it is needed:

ARGUS implements the following security measures to protect your data:

• Content Security Policy (CSP) — Strict CSP headers prevent unauthorized script execution within extension pages. Only scripts from the extension itself are allowed to run.
• Local-Only Storage — All data is stored in Chrome’s sandboxed extension storage, isolated from other extensions and websites.
• No External Dependencies at Runtime — The extension does not load remote scripts, stylesheets, or resources at runtime. All code is bundled and reviewed before release.
• API Key Isolation — API keys are stored separately from general data and are only included in requests to their designated service endpoints.
• Minimal Data Collection — The extension follows a strict data-minimisation principle, only processing data that is directly required for the requested analysis.
• Service Worker Architecture — The MV3 service worker model ensures the background process is automatically terminated when idle, reducing the attack surface.
• Input Sanitisation — All user inputs and page-extracted data are sanitised before processing to prevent injection attacks.

Because ARGUS stores all data locally in your browser, you have full and direct control over your data at all times:

• Access — View all stored data through the extension’s Settings page or by inspecting chrome.storage.local via Chrome DevTools.
• Export — Export your complete dataset (settings, scan history, investigations) as a JSON file at any time from the Settings page.
• Delete — Use the “Clear All Data” function in Settings to erase all stored data, or selectively delete individual scan results and investigations.
• Portability — Exported JSON data can be imported into another ARGUS installation, giving you full data portability.
• Uninstall — Removing the extension from Chrome will automatically delete all associated local storage data.

For users in the European Economic Area (EEA), United Kingdom, or other jurisdictions with applicable data protection laws: since ARGUS does not collect or transmit personal data to external servers, traditional GDPR data-subject requests (access, rectification, erasure) are fulfilled directly through the extension’s built-in data management features described above.

ARGUS is a professional cybersecurity tool designed for security analysts and IT professionals. The extension is not intended for use by children under the age of 13 (or the applicable age of digital consent in your jurisdiction).

We do not knowingly collect any personal information from children. Since all data is stored locally and no information is transmitted to external servers, there is no mechanism through which children’s data could be collected by us.

We may update this Privacy Policy from time to time to reflect changes in the extension’s functionality or applicable regulations. When we make changes:

• The “Last Updated” date at the top of this page will be revised
• Material changes will be highlighted in the extension’s changelog and update notes
• The updated policy will be made available both on this page and within the extension

We encourage you to review this policy periodically. Continued use of ARGUS after changes are posted constitutes acceptance of the updated policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or the ARGUS extension’s data practices, please reach out through any of the following channels: