← AllAdsBlock

Privacy Policy

Last updated: June 18, 2026. Operated by ShellyApps (Israel).

AllAdsBlock is built to protect your privacy, not exploit it. We do not run analytics on you, we do not sell data, and the extension does not transmit your browsing history to us. This policy explains exactly what happens with your data.

1. Data stored on your device only

The following never leaves your browser except via Chrome's own optional settings-sync:

• Blocking statistics — counts of ads, trackers, pop-ups, and threats blocked (per site and in total), shown in the popup.
• Per-page threat log — a rolling in-memory list of security events detected on the current page (threat category and timestamp only). Cleared on every page navigation. Never written to disk or transmitted.
• CDN script hashes (Ultimate plan) — SHA-256 fingerprints of third-party CDN scripts observed on pages you visit, stored locally in chrome.storage.local to detect tampering on future visits. Only the hash is stored — never the script content itself.
• Your allowlist — sites you've paused protection on.
• License / promo state — whether you're on Free, Pro, or Ultimate and your key (stored in Chrome storage.sync).

2. Information sent off your device

• Payments & license validation — LemonSqueezy. Purchases are processed by our reseller LemonSqueezy (a Merchant of Record). When you activate a paid license, your license key is sent to LemonSqueezy's API to confirm it's valid. We never see or store your card details. See LemonSqueezy's privacy policy at lemonsqueezy.com/privacy.
• Malware/phishing threat feed. The extension periodically downloads a public malware-domain list from URLhaus (abuse.ch). This is a standard one-way download — no information about you or the sites you visit is sent.
• CDN script integrity checks (Ultimate plan). When a page loads a script from a public CDN (e.g. unpkg.com, cdnjs.cloudflare.com, jsdelivr.net), the extension downloads a copy of that script to compute its hash and compare it against a locally stored baseline. The request goes directly to the CDN — the CDN server may log your IP address as part of normal server logging, but no information about you or the page you are visiting is sent in the request. We receive nothing from these requests.
• Family/promo keys are verified entirely on your device (offline) and contact no server.

That is the complete list of network connections the extension makes. There is no analytics, advertising, or tracking SDK of any kind.

3. Ultimate plan — on-device security features

The Ultimate plan includes active security protections that analyse page content and browser APIs locally. All processing happens exclusively on your device. The data each feature accesses, and what it does with it:

• Clipboard hijack protection. Reads clipboard text only during your own copy events (i.e. when you press Ctrl+C / Cmd+C). The content is checked against a crypto-wallet address pattern. If a substitution is detected, the original selection is restored. Clipboard content is never stored or transmitted.
• Formjacking / Magecart detection. Reads the action attribute of <form> elements to check whether they submit to a different domain. No form values or user input are ever read.
• Hidden autofill-field detection. Checks whether password or payment-card input fields are positioned off-screen or invisible — a known data-harvesting technique. Input values are never read.
• Tab-napping protection. Monitors the page <title> element for changes while the browser tab is not in focus, to detect impersonation attempts.
• DNS rebinding protection. Intercepts outgoing fetch and XMLHttpRequest calls made by the page and blocks any that target private IP ranges (192.168.x.x, 10.x.x.x, 127.x.x.x, localhost). The URL of blocked requests is not stored or transmitted.
• WebRTC local IP leak prevention. Intercepts WebRTC ICE candidate events and suppresses candidates that would expose your local network IP address. No connection data is stored or transmitted.
• Notification spam auto-deny. Overrides the browser Notification permission prompt so that permission requests from websites are automatically denied without prompting you. No data is stored or transmitted.
• Keylogger hook detection. Monitors for JavaScript attempts to override HTMLInputElement.prototype.value — a technique used by credential-stealing scripts. Detects the override attempt only; keyboard input is never read or recorded.
• Tab-napping & tech-support scam detection. Reads visible text content of large fixed-position overlays to identify known tech-support scam phrases. Page text is checked locally and never transmitted.
• Anti-fingerprinting. Adds imperceptible noise to canvas rendering and masks browser plugin lists to make fingerprinting less reliable. No data is collected.

4. What we do not collect

We do not collect your browsing history, URLs you visit, page contents, form values, keyboard input, clipboard contents, or any personally identifying information. Every security check described above runs locally in your browser and the results stay on your device.

5. Permissions

The extension requests broad host access (<all_urls>) because ad, tracker, and threat blocking must work on every site you visit. This access is used solely to apply blocking rules and run on-page protections — not to record or transmit your browsing activity.

6. Children

AllAdsBlock is not directed to children under 13 and does not knowingly collect data from them.

7. Changes

We may update this policy; material changes will be reflected here with a new date. Significant changes will also be noted in the extension's release notes.

8. Contact

Questions about privacy: ambarshely@gmail.com.

← Back to home · Terms · Refunds