SILENT RECON

Legal

Privacy Policy for Silent Recon

Effective date: April 16, 2026

Silent Recon is a browser extension for cybersecurity professionals that performs browser-side reconnaissance and passive security analysis during normal browsing sessions.

What Silent Recon Does

Silent Recon observes browser activity on pages where the extension is enabled in order to help users identify web application attack surface, workflow paths, security misconfigurations, authentication and session indicators, JavaScript intelligence, and related reconnaissance signals.

Data Handling

Silent Recon currently performs its analysis locally in the user's browser. Silent Recon does not intentionally collect, store on developer-controlled servers, or transmit browsing data to external services as part of the current 1.0 product.

The extension may locally process and locally store information derived from the pages and network activity the user chooses to inspect, which can include:

  • visited page URLs and titles
  • request and response headers
  • request methods and endpoint paths
  • limited request and response body samples used for local detection logic
  • JavaScript asset URLs
  • localStorage and sessionStorage key names only
  • derived findings, auth/session indicators, endpoint inventories, workflow chains, sessions, and saved targets

This information is stored locally using the browser extension storage available on the user's device so the user can review results across sessions.

Exports

Silent Recon includes export functionality initiated by the user. Exported files are created locally on the user's device. Silent Recon does not automatically send exports anywhere.

Permissions Justification

  • Access to all URLs: required so the extension can observe targets the user chooses to review and correlate first-party and related traffic.
  • Web request access: required to inspect request and response metadata for local detection of findings such as missing security headers, exposed APIs, auth/session signals, GraphQL activity, IDOR candidates, and related reconnaissance indicators.
  • Tabs: used to identify the active tab for target scoping and to open the extension dashboard.
  • Storage: used to save local findings, endpoint maps, scripts, profiles, workflow chains, sessions, settings, and saved targets on the user's device.

User Control

  • Detection can be enabled or disabled by the user.
  • Users can clear findings and local history from the extension interface.
  • Exports are user-initiated.

Third-Party Services

The current Silent Recon extension does not rely on third-party analytics, remote processing, or developer-hosted data collection for extension findings. The Silent Recon website may use Paddle to process payments, subscriptions, taxes, invoices, refunds, and customer billing records. Paddle receives the information needed to complete those commercial transactions.

Billing-linked account and entitlement information may be stored by the Silent Recon website so the extension can confirm whether a user's subscription is active. Extension findings remain local to the user's browser unless a future version explicitly adds cloud sync or external processing and this policy is updated before release.

Contact

For privacy or product questions, contact popeanga78@gmail.com.