1. Who we are
Custom Script Injector is a free, open-source browser extension developed by Carlos de Alfonso Laguna (@dealfonso). The source code is publicly available at github.com/dealfonso/custom-script-injector.
This Privacy Policy applies to the browser extension itself and to this landing page (damadenacar.com/custom-script-injector).
2. Data we do NOT collect
We do not collect, store, transmit, or share any of the following:
- Personal information (name, email address, IP address, etc.)
- Browsing history or the URLs you visit
- Content of the web pages you browse
- The scripts you write or their contents
- Usage statistics or crash reports
- Identifiers of any kind
The extension declares "data_collection_permissions": { "required": ["none"] }
in its Firefox manifest, confirming that no user data is collected.
3. Data stored on your device
The extension stores the following information locally on your device only, using the browser's built-in storage APIs. This data never leaves your browser.
-
Your scripts — names, JavaScript code, URL patterns, and autorun settings.
Stored via
chrome.storage.local. -
UI preferences — e.g., whether the "show other scripts" toggle is on.
Stored via
chrome.storage.local. -
Interface language preference — the language you select in the Options tab.
Stored via
chrome.storage.sync(synced across your own browser profile if you have sync enabled).
You can clear all extension data at any time by removing the extension from your browser or by clearing extension storage from the browser's developer tools.
4. Browser permissions explained
The extension requests the following permissions:
-
activeTab— Allows reading the URL of the current tab to determine which scripts apply to it. The extension does not read or store the content of the page. -
scripting— Required to inject the JavaScript scripts you write into web pages, upon your explicit action or when autorun is enabled for a matching page. -
storage— Used to save your scripts and preferences locally in the browser. -
notifications— Used to display a system notification when a script runs automatically in the background. -
host_permissions: <all_urls>— Required so that scripts can be injected into any website you configure them for. The extension does not use this permission to read or transmit any page content.
5. Third-party services
The extension itself makes no requests to any third-party server. It operates entirely offline once installed.
This landing page loads the Inter font from Google Fonts, which may result in a request to Google's servers. This is the only third-party resource loaded by the landing page and does not apply to the extension itself.
6. User-executed scripts
Custom Script Injector runs JavaScript code that you write. The extension acts solely as a delivery mechanism; it does not inspect, analyze, or transmit the content of your scripts or the results of their execution.
You are solely responsible for the scripts you create. We recommend not writing scripts that collect or transmit personal data from web pages you visit.
7. This landing page
This landing page stores your language preference in localStorage under the key
csi_lang. This data stays in your browser and is not transmitted to any server.
No cookies, analytics scripts, tracking pixels, or advertising are used on this page.
8. Children's privacy
This extension is not directed at children under 13 (or the applicable age in your jurisdiction). Since we do not collect any personal data, there is no risk of inadvertent collection of children's information.
9. Changes to this policy
We may update this Privacy Policy if the extension's functionality changes. Any update will be reflected on this page with a revised "Last updated" date. Since no personal data is collected, changes will not affect your privacy in any material way.
10. Contact
If you have any questions about this Privacy Policy, please open an issue on GitHub or contact us through damadenacar.com.