ClickFix Blocker
Last updated: June 5, 2026 · Effective: June 5, 2026
Privacy Policy
This policy explains how the browser extension ClickFix Blocker (by rmthreat.com) handles your data. In one line: detection runs 100% on your device and nothing is sent by default; the only outbound transfer (the community shield) is something you turn on, and it carries only anonymous, non-personal fields.
1. Data on your device
Detection and blocking run entirely in your browser and work offline. The following is stored in local browser storage (chrome.storage.local) and is not sent to any server by default:
- Block stats — total block count, plus counts by pattern category and OS class.
- Recent events — up to the last 20 blocks, each with the domain, pattern category, source (API interception or manual copy), the quarantined snippet and a timestamp.
- Preferences — whether the community shield and on-device AI are enabled, and whether you've finished onboarding.
- Install id (
rid) — a random identifier (UUID) generated at install, used only to de-duplicate reports after you enable the community shield. It is not tied to any identity and is not sent during ordinary signature downloads.
You can delete all of this by removing the extension or clearing its storage.
2. Community shield (opt-in, off by default)
The community shield is an optional feature that is off by default. You can turn it on or off anytime in onboarding or the popup. Only after you turn it on, when the extension blocks an attack, an anonymous summary of that event is reported to telemetry.rmthreat.com so the community is protected faster; in return you receive real-time (rather than daily) rule updates. If it's off, no blocking reports are sent. The same applies to a "false-positive" report sent when you bypass a warning you judge to be a false alarm — only if the shield is on.
3. Exactly what a report contains
With the community shield on, each report contains only these fields — nothing else:
| Field | Content |
|---|---|
domain | The site domain that triggered the block (normalized registrable host) |
pattern | The matched signature category, e.g. windows_powershell_iex |
os | OS class only — one of win / mac / linux |
snippet | The quarantined command snippet, hard-truncated to 150 chars |
rid | Random install id for de-duplication; no personal identity |
timestamp | When the event occurred |
snippet: it is the blocked malicious command itself (e.g. a PowerShell or shell line), not your page content or anything you typed, and is capped at 150 characters. We only receive it when the shield is on. Reports are sent over HTTPS with no cookies, and your IP is not sent as a data field. (As with any network request, the server technically sees the source IP at the connection level; we do not store it, associate it with rid, or use it to identify you.)4. Signature updates & on-device AI
Signature updates: the extension periodically downloads detection rules from signatures.rmthreat.com (real-time when the shield is on, daily otherwise). This is a one-way download (HTTP GET) that contains no rid, no browsing data and no cookies. It runs even when the shield is off, purely to refresh local signatures; if offline it keeps using existing rules.
On-device AI (optional): if your browser supports Chrome's built-in Prompt API (Gemini Nano), the extension can explain a blocked command in 1–2 plain sentences. This runs fully on your device — it triggers no model download and makes no network request. If unsupported, it stays hidden.
5. What we never collect
- No IP address stored as data.
- No cookies or similar tracking identifiers.
- No name, email, phone or any personal identifier.
- No browsing history, tab list or page content.
- No keystroke or form logging.
- No ads, analytics SDKs or third-party trackers.
- We never sell or rent any data.
6. Permissions
| Permission | Why |
|---|---|
storage | Store block stats, preferences and the install id locally. |
alarms | Schedule periodic signature downloads. |
<all_urls> | Clipboard hijacking can occur on any site, so the content script must watch clipboard behavior on all domains. Processing is always local; page content is not sent. |
telemetry.rmthreat.com | Only used to send the anonymous reports above, when the shield is on. |
signatures.rmthreat.com | Used to download detection-rule updates (one-way GET). |
7. Your controls & rights
- Opt in / out — the community shield is off by default and switchable anytime in the popup.
- Delete local data — remove the extension or clear its storage to erase all local data and the install id.
- Requests — because reports are anonymous and carry no personal data, we usually cannot link specific data to an individual. For any data-protection request (access, correction, deletion, objection), email [email protected] and we'll do our best to help. The community shield relies on your consent (GDPR), which you can withdraw at any time by turning it off.
8. Retention, infrastructure & security
Local data stays on your device under your control (recent events keep only the latest 20). Anonymous community reports are kept in aggregate to compile blocklists and rules; they contain no personal data and cannot be traced to an individual. Our backend (telemetry, signatures) runs on Cloudflare's serverless platform as our infrastructure provider; we embed no third-party analytics or ad services and never share, sell or transfer data otherwise. All transfers use HTTPS. This extension is a general security tool, not directed at children under 13, and does not knowingly collect their data.
9. Changes & contact
If our data practices change, we'll update this page and the "Last updated" date, and flag significant changes in the extension. Questions about this policy or your data: [email protected] or rmthreat.com.