otpextension

Privacy Policy — CodeCatch

Last updated: July 5, 2026

CodeCatch (“the extension”) helps you sign in and verify accounts faster by detecting one-time verification codes in your Gmail inbox and filling them into the web page you’re on.

What data we access

With your explicit permission (via Google’s sign-in and consent screen), the extension requests read-only access to your Gmail account (the gmail.readonly scope) so it can look at recently received messages and find verification codes.

What we do with it

Where your data goes

Nowhere but your own browser. This extension has no backend server. All Gmail access happens directly between your browser and Google’s servers, using a token that Google’s own browser API (chrome.identity) manages — we never see, store, or transmit that token ourselves, and no email content is ever sent to any server we control, because no such server exists.

What we store, and for how long

Third parties

We do not sell, rent, share, or transmit your data to any third party, advertiser, or analytics service. The only external service the extension talks to is the Gmail API itself, directly, on your behalf.

Your control

You can disconnect your Gmail account at any time from the extension’s popup — this revokes the extension’s access token with Google and clears all locally stored account data (preferences are kept so you don’t have to reconfigure the extension if you reconnect later).

Compliance

CodeCatch’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Contact

Questions about this policy or the extension’s data handling can be sent to: tehmanhassan@gmail.com