Privacy Policy — CapScript Web

Effective date: May 11, 2026

CapScript Web is a browser extension that lets you search YouTube transcripts and jump to matching timestamps. This policy explains what data the extension touches, where it goes, and why.

What the extension does with your data

The extension only reads transcript text, timestamps, and the video ID from a YouTube page when you actively trigger a search. It doesn't run in the background or scan pages you haven't opened the extension on.

Everything it reads is either used instantly or cached locally in your browser (chrome.storage.local / chrome.storage.session). That local cache includes:

None of this is sent anywhere unless you activate a license or submit feedback — both described below.

License activation and validation

If you use a paid license, the extension needs to verify it's valid and hasn't been activated on too many devices. To do that, it computes a hashed device fingerprint in your browser using things like your screen size, platform, logical CPU count, and GPU renderer string. These are combined and hashed with SHA-256 — only the resulting hash is ever sent to our server. The raw values stay on your device.

The server stores your license identifier and that hash. It uses them to confirm your license is active and to enforce device limits. It doesn't receive anything that directly identifies you as a person.

License tokens are time-limited JWTs signed by the server. Validation requests just confirm the token is still valid for the device that activated it.

Optional feedback

There's an optional feedback form in the extension (a rating and a free-text field). If you submit it, the message, your rating, a timestamp, and basic browser metadata (user agent, platform) are sent through EmailJS to the developer's inbox. Feedback is completely optional and nothing is sent if you don't use the form. If you include personal details in the message, those will be in the email.

Third parties involved

Remote code

The extension does not download or execute any remote JavaScript or WebAssembly at runtime. Everything that runs in your browser is bundled in the extension package you installed.

Data retention

Local data stays in your browser until you clear it through the extension UI, uninstall the extension, or clear your browser storage. You can also export your data as CSV, JSON, or plain text.

Server-side license and device records persist until revoked or removed. Operational server logs are retained for up to 90 days and then deleted or anonymized.

Security

All communication between the extension and our servers uses HTTPS. License tokens are signed and time-limited. Local storage is protected by your browser's own security sandbox — we don't add an extra encryption layer on top of chrome.storage.local.

Your rights

You can export or clear your local data at any time through the extension. To request deletion or export of server-side records (your license and device hash), email the address below and include proof of purchase. EU/EEA and California residents can exercise applicable data subject rights the same way.

Children's privacy

This extension isn't directed at children under 13 and we don't knowingly collect data from them.

Changes to this policy

If anything material changes, the effective date at the top will be updated. For significant changes we'll try to give notice through the extension or the Chrome Web Store listing.

Contact

Maintainer: ~serptail

Email: serptail2@gmail.com

Website: https://serptail.github.io/CapScript-Web/