ThreatCheck - Privacy Policy

Last updated: April 8, 2026

ThreatCheck does not collect, store, transmit, or sell any user data. All processing happens locally in your browser.

1. Overview

ThreatCheck is a free, open-source browser extension that helps security professionals look up indicators of compromise (IOCs) across multiple threat intelligence platforms. This privacy policy explains how ThreatCheck handles data.

2. Data collection

ThreatCheck does not collect any data. Specifically:

No personal information is collected (name, email, demographics, location, etc.)
No browsing history is recorded or transmitted
No page content is read, stored, or sent anywhere beyond what the user explicitly selects
No analytics or telemetry of any kind is implemented
No cookies or tracking mechanisms are used by the extension
No user behavior is monitored, profiled, or logged
No crash reports are sent to any server

3. Data stored locally

ThreatCheck stores the following data locally in your browser using chrome.storage.sync:

Data	Purpose	Stored where
Service on/off toggles	Remember which lookup services are enabled or disabled	Local browser storage only
API keys	Authenticate with optional threat intel services (VirusTotal, AbuseIPDB, etc.)	Local browser storage only
Auto-check preferences	Remember per-service auto-check toggle state	Local browser storage only

This data never leaves your browser. It is not transmitted to any server, including servers operated by the extension developer. If you use Chrome sync, this data may sync across your Chrome profiles per Google's own sync policies.

4. Network requests

ThreatCheck makes network requests only when the user explicitly triggers an IOC lookup, and only to the specific threat intelligence services the user has configured. These requests are:

User-initiated - they only happen when you select text and an API auto-check fires, or when you click a service link
Direct - calls go directly from your browser to the third-party service (e.g., api.virustotal.com). There is no intermediary server
Minimal - only the selected IOC value (IP address, domain, hash, etc.) is sent to the service. No other data is included

Third-party services

When you configure API keys and enable auto-check for a service, ThreatCheck sends the selected IOC to that service's API. Each service has its own privacy policy:

Service	Data sent	When
VirusTotal	The selected IOC (IP, domain, hash, URL)	Only when VT API key is configured and auto-check is enabled
AbuseIPDB	The selected IP address	Only when AbuseIPDB API key is configured and auto-check is enabled
Recorded Future	The selected IOC	Only when RF API token is configured and auto-check is enabled
OpenCTI	The selected IOC	Only when OpenCTI URL and token are configured and auto-check is enabled
Spur	The selected IP address	Only when Spur API token is configured and auto-check is enabled
URLScan.io	The selected URL or domain	Only when URLScan API key is configured and auto-check is enabled
DNSDumpster	The selected domain	Only when DNSDumpster API key is configured and auto-check is enabled
Validin	The selected domain or IP	Only when Validin API key is configured and auto-check is enabled
LeakCheck	The selected email address	Only when LeakCheck API key is configured and auto-check is enabled

No API calls are made unless you have explicitly configured an API key for that service and enabled auto-check in the extension settings. You can disable auto-check per service at any time.

5. Permissions

ThreatCheck requests the following browser permissions:

storage - to save your service preferences and API keys locally in the browser
contextMenus - to add a "Look up on ThreatCheck" option to the right-click menu when text is selected
Host permissions - the content script runs on all pages to detect text selection and display the lookup popup. API calls require access to specific service domains (virustotal.com, abuseipdb.com, etc.). No page content is read or transmitted beyond the text you explicitly select

6. Data sharing and selling

ThreatCheck does not:

Sell any data to third parties
Share any data with third parties for advertising purposes
Share any data with third parties for analytics purposes
Transfer any data to third parties for credit-related purposes
Transfer any data to third parties for any purpose unrelated to the extension's core functionality

7. Data security

API keys are stored in your browser's local extension storage (chrome.storage.sync). They are not encrypted by the extension beyond the browser's own storage protections. API keys are sent directly to the respective services over HTTPS. No API key is ever sent to any server other than the service it belongs to.

8. Children's privacy

ThreatCheck is a professional security tool not directed at children under the age of 13. The extension does not knowingly collect any personal information from anyone, including children.

9. Changes to this policy

If this privacy policy is updated, the changes will be reflected on this page with an updated date. Since ThreatCheck does not collect any data, significant changes to this policy are unlikely.

10. Open source

ThreatCheck is fully open source. You can inspect the complete source code to verify these privacy claims:

github.com/mthcht/threatcheck

11. Contact

For questions about this privacy policy, please open an issue on the GitHub repository:

github.com/mthcht/threatcheck/issues