Privacy Policy
Last Updated: January 2, 2026
Summary
- •We collect URLs of websites you visit for phishing detection
- •Screenshots are collected only during deep scans or user-initiated reports
- •We do not sell your data
- •We do not link browsing data to your personal identity
- •You can disable the extension at any time
Information We Collect
Automatic Collection (Light Scans)
When you browse with Muninn enabled, we automatically collect:
- Page URLs: Web addresses are sent to our servers for AI-powered phishing analysis. URLs are normalized to remove query parameters that may contain personal information.
We do not collect: your browsing history, form data or passwords, or personal information from pages you visit.
User-Initiated Collection (Deep Scans & Reports)
When you manually trigger a deep scan or report a suspicious page:
- Page Screenshots: A visual capture of the current page is sent for AI-powered analysis
- Page URL: The address of the scanned or reported page
Account Information
If you create an account, we collect your email address and store authentication tokens securely.
How We Use Your Information
Phishing Detection
- URLs and screenshots are analyzed using AI to determine if a page is malicious
- Screenshot data from deep scans is processed in real-time and not stored on our servers
- Screenshot data from user reports is stored to improve our phishing database (Yggdrasil)
Service Improvement
- Aggregated, non-identifying statistics help us improve detection accuracy
- Reported URLs contribute to our public phishing database
Service Providers
We use third-party service providers for AI analysis and infrastructure hosting. These providers process data on our behalf and are contractually prohibited from using your data for other purposes.
Data Retention
| Data Type | Retention Period |
|---|---|
| Light scan URLs | Cached for performance; not linked to users |
| Deep scan screenshots | Not stored; deleted after analysis |
| Reported URLs | Retained indefinitely in Yggdrasil database |
| Reported screenshots | Retained indefinitely for manual review |
| Account data | Until account deletion |
Data Security
We implement industry-standard security measures:
- All data transmission uses HTTPS/TLS encryption
- Authentication uses secure session management
- Screenshots are transmitted directly to analysis services without intermediate storage (except for reports)
Your Rights and Choices
Disable Scanning
You can pause Muninn at any time using the toggle in the extension popup. When disabled, no data is collected or transmitted.
Whitelist Sites
You can add trusted sites to your local whitelist. These sites will not be scanned.
Delete Your Account
Contact us at privacy@norn-labs.com to request account deletion. Note: URLs you reported to Yggdrasil may remain in the public database as they serve a security purpose for all users.
Data Access
You may request a copy of any personal data we hold about you by contacting privacy@norn-labs.com.
Children's Privacy
Muninn is not directed at children under 13. We do not knowingly collect information from children under 13. If you believe we have collected such information, please contact us immediately.
California Privacy Rights
California residents have additional rights under the CCPA:
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt-out of sale of personal information (we do not sell data)
- Right to non-discrimination for exercising these rights
Changes to This Policy
We may update this Privacy Policy periodically. We will notify users of material changes through:
- The extension update notes
- Email (if you have an account)
- A notice on our website
Contact Us
For privacy-related questions or requests:
Email: privacy@norn-labs.com
Norn Labs
United States
Chrome Web Store Disclosure
Per Chrome Web Store requirements, we disclose:
Data collected:
- Web history (URLs only, for phishing detection)
- Website content (screenshots, only when user initiates deep scan or report)
Data usage:
- Security and fraud prevention
Data handling:
- Data is not sold to third parties
- Data is not used for purposes unrelated to the extension's core functionality