Security and Privacy

Security is at the heart of Cookie Porter. Since we handle sensitive session information, we’ve implemented multiple layers of protection.

Zero-Knowledge Architecture

We follow a zero-knowledge philosophy:

• No Servers: We do not host any database or backend servers that store your cookies or notes.
• Direct Sync: All synchronization happens directly between your browser and your Google Drive account.
• Local Control: You are the sole owner of your data.

Encryption

Local Encryption

Before any sensitive data (cookies, account details) is saved to chrome.storage.local, it is encrypted using AES (Advanced Encryption Standard).

This means that even if someone gains access to your computer's local files, they cannot read your saved cookies without the encryption keys managed by the extension.

Cloud Encryption

When data is synced to Google Drive, it is uploaded in its already encrypted state. This provides double protection:

1. At Rest: Encrypted by Cookie Porter (AES).
2. Infrastructure: Protected by Google’s world-class security.

Google Drive Permissions

Cookie Porter uses the drive.appdata scope. This is a restricted scope that only allows the extension to access its own private data folder.

Cookie Porter **cannot** see, read, or modify your personal files, documents, or photos in Google Drive.

Internationalization (i18n)

The extension detects your system language to provide a seamless experience. You can also manually switch between English and Spanish in the settings. This preference is stored locally and synced, ensuring your choice is remembered across devices.