Website Blocker logo Website Blocker

Privacy Policy — Website Blocker

Last updated: May 2, 2026 · Contact: developerext7@gmail.com

The short version: Website Blocker runs entirely inside your own Chrome. Your blocklist, schedule, statistics and tasks live on your device. We do not have a backend that receives the sites you visit, the sites you block, or what you do with the extension. There is no account, no signup, no tracking of your browsing history or blocklist.

This Privacy Policy describes how the Chrome extension "Block Websites on Chrome — Website Blocker & Focus Timer" ("the Extension", "we") handles data. The Extension is available on the Chrome Web Store. It runs on the user's machine and has no server-side component.

1. Our principles

  • Privacy policies should be human-readable. No legal cosplay, no template boilerplate describing things we don't do.
  • The simplest data practice is no data practice. The less we collect, store, or transmit, the less can leak.
  • Match the reasonable expectation of the user. You installed an extension that blocks sites and runs a focus timer. It does that and nothing else.

2. What data we process

2.1 Stored locally on your device

  • Your settings — stored in chrome.storage.local and (for cross-device sync) chrome.storage.sync. This includes:
    • Blocked domains, URL patterns and keywords you added
    • Custom and enabled categories
    • Schedule (days and time ranges)
    • Focus Mode settings (focus / break duration, cycle count, focus-mode kill-list)
    • Password hash and recovery code hash (both SHA-256, never the plain password or plain code)
    • Theme (light or dark) and other UI toggles
    • Tasks and to-do categories you created
  • Statistics — daily counts of blocked attempts, completed focus sessions, focus minutes and per-site block counts. Stored locally and auto-cleaned after 90 days.

We do not store your browsing history or the content of pages you visit.

2.2 Data sent to our servers

None. The Extension does not send your blocklist, schedule, password, statistics or browsing activity to any server.

2.3 Anonymous product analytics

The Extension may send anonymous product-usage events to Amplitude using its EU endpoint (api.eu.amplitude.com) so that data never leaves the EU. Analytics is best-effort and used only to understand which features are useful.

What is sent:

  • Event names (for example focus_session_started, site_blocked, popup_opened) and non-identifying properties such as the source surface (popup / settings), an enabled / disabled flag, a category preset id (e.g. social), focus timer durations, extension version, OS name and browser language
  • A randomly generated device_id stored locally so events from the same install can be grouped. It contains no account info and is not linked to any personal identifier
  • Aggregate user properties: extension version, install date, whether a password is set (boolean only), the counts of blocked sites / focus sites / completed focus sessions / total focus minutes / completed tasks, and whether a schedule is enabled

What is never sent:

  • The domains, URLs, URL patterns or keywords in your blocklist
  • Visited URLs or browsing history
  • Passwords, recovery codes, task or category names you typed
  • Your IP address or any geolocation derived from it — Amplitude is configured at the project level to drop the request IP and not infer country, region or city from it, so no location data is stored against your events

Sampling. Only a randomly selected portion (currently 50%) of installations send events at all. The decision is made once per install and stored locally; it is not based on any user property.

You may disable analytics entirely from the extension's Settings page.

2.4 Third-party favicon requests

When the Extension renders a list of blocked or top-blocked sites in the popup or settings, your browser loads the favicon for each domain from Google's public favicon service (https://www.google.com/s2/favicons?domain=...). This means Google sees the domain names in your blocklist at the moment the UI is rendered. The Extension itself does not send anything to Google; the request is made by your browser as a normal image fetch. If you prefer not to share these domains with Google, you can avoid opening the relevant settings tabs or block google.com/s2/favicons at the network level.

2.5 Welcome and support pages

The Extension may open this welcome page on first install. The static pages on websiteblocker.pro are served from a standard web server, which logs visits (IP address, user-agent, timestamp) for operational diagnostics. These visits happen because you opened the page in your browser, not because the Extension reports your activity.

2.6 Uninstall feedback form

If the Extension is uninstalled, the browser may open websiteblocker.pro/uninstall/. That page embeds an optional Google Forms survey so you can tell us why you uninstalled. Submitting the form is entirely voluntary — you can close the page without filling anything in.

If you do submit the form, the responses are processed by Google Forms, which is a third-party service. Google may collect the information you enter, your browser metadata, and technical request data according to Google's own privacy policy. We only see the answers themselves — we do not link them to any account or identifier. Please do not include sensitive personal data in your feedback.

3. What we do NOT collect

  • Names, email addresses, phone numbers, postal addresses
  • Account credentials, passwords, authentication tokens (your blocker password is hashed and stored locally — we never see it)
  • Payment or financial information
  • The content of pages you visit
  • The list of sites you have on your blocklist
  • Your browsing history
  • Keystrokes, mouse movements, or screen recordings
  • Data from children under 13 (knowingly)

4. Permissions we request and why

  • storage — to save your blocklist, schedule, settings and statistics on your device
  • tabs — to redirect a tab to the "blocked" page when you try to visit a blocked site, and to read the URL of the active tab when you click the popup so the "Block this site" button knows what to add
  • activeTab — temporary access to the active tab's URL when you click the popup, used to show whether the current site is on your blocklist
  • webNavigation — to detect navigation events to blocked URLs and stop them before the page loads
  • alarms — to drive the Pomodoro timer and the schedule (start / end of blocking windows)
  • Host permissions (http://*/*, https://*/*) and a content script on all URLs — required for the Extension to read the URL / hostname of every page you visit so it can decide locally whether to redirect it to the block page. The Extension never transmits visited URLs to any server. This permission cannot be narrower because the user defines arbitrary blocklists at runtime

All permissions are used only for the purposes above and only when needed.

5. Data retention

  • Local settings and blocklist — stay on your device until you uninstall the Extension or clear Chrome's extension storage
  • Statistics — kept for 90 days, then automatically deleted
  • Web-server logs for the welcome / support pages — rotated automatically (typically a few weeks)
  • Anonymous analytics events — retained according to Amplitude's standard retention policy and not linked to your identity

6. Data sharing and selling

We do not sell, rent, or trade any data. We do not share user data with advertisers or anyone else.

7. Your rights

Because we do not collect personal data, there is nothing tied to "you" that we could look up on our side. You can:

  • Delete your local data by uninstalling the Extension or clearing extension storage in Chrome's settings
  • Disable analytics from the Settings page
  • Contact us at developerext7@gmail.com with any questions or concerns

If you are located in the EEA, UK, or California, you have rights under GDPR / UK GDPR / CCPA including access, rectification, erasure, and objection. Contact us at the email above to exercise these rights.

8. International data transfers

The web server hosting websiteblocker.pro is a VPS in the European Union. The Extension itself does not transfer your blocklist or settings internationally because it does not transmit them at all.

9. Security

Web traffic to websiteblocker.pro is protected by HTTPS / TLS. The blocker password is stored only as a SHA-256 hash in chrome.storage on your device — we never see it. The recovery code is stored as a SHA-256 hash too, so a forgotten password can be reset by entering the original recovery code without us ever knowing the value.

10. Children

The Extension is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has used the Extension, contact us and we will take appropriate action.

11. Changes to this policy

If we change this policy, we will update the "Last updated" date at the top. Material changes will be communicated via the Chrome Web Store listing and / or our website.

12. Contact

Questions, requests, or privacy concerns:
developerext7@gmail.com