SILENT RECON

Legal

Privacy Policy for Silent Recon

Effective date: April 16, 2026

Silent Recon is a browser extension for cybersecurity professionals that performs browser-side reconnaissance and passive security analysis during normal browsing sessions.

What Silent Recon Does

Silent Recon observes browser activity on pages where the extension is enabled in order to help users identify web application attack surface, workflow paths, security misconfigurations, authentication and session indicators, JavaScript intelligence, and related reconnaissance signals.

Data Handling

Silent Recon currently performs its analysis locally in the user's browser. Silent Recon does not intentionally collect, store on developer-controlled servers, or transmit browsing-derived scan findings to external services as part of the current 1.0 product. License activation and validation requests may be sent to silent-recon.com when a user enters or refreshes a license key.

The extension may locally process and locally store information derived from the pages and network activity the user chooses to inspect, which can include:

  • visited page URLs and titles
  • request and response headers
  • request methods and endpoint paths
  • limited request and response body samples used for local detection logic
  • JavaScript asset URLs
  • localStorage and sessionStorage key names only
  • derived findings, auth/session indicators, token-like evidence, endpoint inventories, workflow chains, sessions, and saved targets

This information is stored locally using the browser extension storage available on the user's device so the user can review results across sessions.

Silent Recon's use of information received from Chrome extension APIs adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements. User data is used only to provide or improve Silent Recon's browser-side reconnaissance features, is not sold, is not used for advertising, and is not transferred except as needed to provide the product, comply with law, or address security or abuse.

Exports

Silent Recon includes export functionality initiated by the user. Exported files are created locally on the user's device. Silent Recon does not automatically send exports anywhere.

Permissions Justification

  • Host access: required so the extension can observe websites the user chooses to test and correlate first-party and related traffic.
  • Web request access: required to inspect request and response metadata for local detection of findings such as missing security headers, exposed APIs, auth/session signals, GraphQL activity, IDOR candidates, and related reconnaissance indicators.
  • Tabs: used to identify the active tab for target scoping and to open extension pages such as the dashboard, onboarding screen, and pricing page.
  • Storage: used to save local findings, endpoint maps, scripts, profiles, workflow chains, sessions, settings, and saved targets on the user's device.

User Control

  • Detection can be enabled or disabled by the user.
  • Users can limit capture to approved targets or lock capture to the current target.
  • Users can clear findings and local history from the extension interface.
  • Exports are user-initiated.

Third-Party Services

The current Silent Recon extension does not rely on third-party analytics, remote processing, or developer-hosted data collection for extension findings. The Silent Recon website may use Lemon Squeezy to process payments, subscriptions, taxes, invoices, refunds, and customer billing records. Lemon Squeezy receives the information needed to complete those commercial transactions.

Silent Recon may store limited license activation records, such as a masked or hashed license key, Lemon Squeezy license identifiers, activation instance identifiers, plan, status, and validation timestamps. Lemon Squeezy manages license keys, activation limits, renewals, and subscription status for paid access. Extension findings remain local to the user's browser unless a future version explicitly adds cloud sync or external processing and this policy is updated before release.

Contact

For privacy or product questions, contact contact@silent-recon.com.