Last Updated: February 4, 2026 Effective Date: February 4, 2026 Version: 1.0.0
FireFlag is a Firefox browser extension that helps users safely manage browser flags (about:config settings, experimental features, and developer flags). This privacy policy explains what data FireFlag collects, how it's used, and your rights regarding your data.
TL;DR: FireFlag stores all data locally on your device. We do not collect, transmit, or share any personal information. We do not use analytics, tracking, or telemetry.
- Extension Name: FireFlag
- Developer: Jonathan D.A. Jewell
- Contact: j.d.a.jewell@open.ac.uk
- Source Code: https://github.com/hyperpolymath/fireflag
- License: MPL-2.0 (Mozilla Public License 2.0)
FireFlag stores the following data locally on your device only using Firefox's browser.storage API:
-
Flag States
- Which flags you have enabled/disabled
- Current flag values
- Last modified timestamps
-
Change History (if tracking enabled)
- Before/after values when you toggle flags
- Timestamps of changes
- Performance metrics at time of change
-
User Preferences
- Auto-update settings
- UI preferences (compact view, safety badges, etc.)
- Permission grants
- Export format preferences
-
Flag Database
- Local copy of the flag database (105+ Firefox flags)
- Flag metadata (descriptions, safety levels, effects)
- Version information
Storage Location: All data is stored using browser.storage.local API, which keeps data on your device in Firefox's profile directory.
FireFlag does NOT collect, store, or transmit:
- ❌ Personal identifying information (name, email, IP address)
- ❌ Browsing history or website URLs
- ❌ Search queries or form data
- ❌ Cookies or authentication tokens
- ❌ System information (OS, hardware specs)
- ❌ Analytics or telemetry data
- ❌ Crash reports or error logs
- ❌ User behavior patterns
- ❌ Any data that leaves your device
When auto-update is enabled (default), FireFlag checks for database updates:
- Frequency: Weekly (Sundays at midnight UTC)
- Source: GitHub Releases API (https://api.github.com/repos/hyperpolymath/fireflag/releases/latest)
- Data Sent: Standard HTTP request headers (User-Agent, Accept)
- Data Received: Version number and download URL only
- IP Logging: GitHub may log IP addresses per their privacy policy
You can disable auto-updates in Settings → General → Auto-Update.
When you manually check for updates:
- Same process as automatic updates
- Triggered by user action only
- Can be disabled entirely
FireFlag does NOT:
- Use Google Analytics or similar services
- Track user behavior
- Send telemetry data
- Phone home for any reason except database updates
- Include third-party scripts or trackers
FireFlag requests these Firefox permissions:
storage(Required)- Purpose: Store flag states and user preferences locally
- Data Access: Your flag configurations and settings
- Scope: Local device only
These permissions are requested only when you enable specific flags:
-
browserSettings(Optional)- Purpose: Modify browser settings when you enable certain flags
- Requested When: You toggle a flag affecting browser settings
- Can Be Revoked: Yes, anytime in Firefox permissions
-
privacy(Optional)- Purpose: Modify privacy-related flags
- Requested When: You toggle a privacy flag
- Can Be Revoked: Yes, anytime
-
tabs(Optional)- Purpose: Display active flags in DevTools panel
- Requested When: You open DevTools panel
- Data Access: Current tab URL (not stored or transmitted)
- Can Be Revoked: Yes, anytime
-
notifications(Optional)- Purpose: Show notifications for database updates
- Requested When: You enable update notifications
- Can Be Revoked: Yes, anytime
-
downloads(Optional)- Purpose: Export flag reports as JSON/CSV
- Requested When: You export data
- Can Be Revoked: Yes, anytime
FireFlag implements granular permission requests:
- Permissions are requested only when needed
- Each permission shows what it enables
- You can review and revoke permissions anytime
- The extension explains why each permission is requested
FireFlag does NOT share your data with:
- ❌ Third-party services
- ❌ Analytics providers
- ❌ Advertising networks
- ❌ Data brokers
- ❌ The developer (us)
- ❌ Mozilla (except standard extension metadata)
FireFlag interacts with these external services:
-
GitHub (for database updates)
- URL: https://api.github.com
- Data Sent: Standard HTTP headers
- Privacy Policy: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement
- Purpose: Check for database updates
- Opt-out: Disable auto-updates in settings
-
Mozilla Add-ons (for extension updates)
- URL: https://addons.mozilla.org
- Data Sent: Extension ID, version number
- Privacy Policy: https://www.mozilla.org/privacy/firefox/
- Purpose: Update the extension itself
- Opt-out: Disable auto-updates in Firefox settings
Note: FireFlag does not control these third-party services. Please review their privacy policies.
- Stored: Until you uninstall the extension or clear Firefox data
- Deletion: Automatically deleted when extension is removed
- Manual Deletion: Settings → Clear All Data button
When you export flag reports:
- Stored: On your device in Downloads folder
- Retention: Your responsibility to delete
- Content: Flag states, change history, performance metrics (no personal data)
You have complete control over your data:
-
View Data
- Open DevTools → Application → Storage → Extension Storage
- View all stored flag states and preferences
-
Export Data
- Sidebar → Export tab → Download as JSON/CSV
- Portable format you can review
-
Delete Data
- Per-flag: Click "Reset to Default"
- All data: Settings → Advanced → Clear All Data
- Complete removal: Uninstall extension
-
Manage Permissions
- Firefox → Add-ons → FireFlag → Permissions
- Revoke any optional permission
FireFlag does NOT require:
- Account creation
- Registration
- Login credentials
- Email address
- Personal information
FireFlag complies with GDPR because:
-
No Personal Data Processing
- All data stored locally
- No profiling or automated decision-making
- No data transfer outside EU (all local)
-
Data Minimization
- Only essential data stored
- No excessive data collection
-
User Control
- Full access to your data
- Easy export and deletion
- Transparent processing
-
No Consent Required
- GDPR requires consent for personal data processing
- FireFlag doesn't process personal data
- All storage is local and user-initiated
Even though FireFlag doesn't collect personal data, you have these rights:
- ✅ Right to Access: View all data in browser storage
- ✅ Right to Rectification: Edit flag states anytime
- ✅ Right to Erasure: Delete all data or uninstall
- ✅ Right to Data Portability: Export as JSON/CSV
- ✅ Right to Object: Disable features or uninstall
FireFlag complies with CCPA:
-
No Sale of Personal Information
- FireFlag does NOT sell personal information
- We don't collect personal information to sell
-
No Sharing with Third Parties
- All data stays on your device
- No third-party data sharing
-
Opt-Out Rights
- Not applicable (no data collection to opt out of)
- Can disable all network activity (auto-updates)
FireFlag does not:
- Target children under 13
- Knowingly collect data from children
- Require age verification (no accounts)
FireFlag is safe for all ages because it collects no personal data.
- Encryption: Firefox encrypts browser.storage data
- Access Control: Only FireFlag can access its storage
- Isolation: Separate from other extensions and websites
- Open Source: All code publicly auditable on GitHub
- Security Scanning: Automated security analysis (Svalin, Vordr, Selur)
- No Minification: Source code is readable
- Reproducible Builds: Verifiable build process
- No Backend: No servers to hack
- No Database: No central storage to breach
- No Cloud: Nothing stored in the cloud
- Local Only: All data on your device
We will notify you of privacy policy changes by:
- Updating the "Last Updated" date at the top
- Publishing changes on GitHub
- Including in extension update notes (for major changes)
If we make material changes (e.g., start collecting data):
- We will request new permissions
- Firefox will prompt you to approve
- You can decline and continue using the old version
Privacy policy versions are tracked on GitHub: https://github.com/hyperpolymath/fireflag/commits/main/PRIVACY.md
FireFlag is fully open source:
- Source Code: https://github.com/hyperpolymath/fireflag
- License: MPL-2.0 (Mozilla Public License 2.0)
- Auditing: Anyone can review the code
- Issues: Report privacy concerns on GitHub
FireFlag uses reproducible builds:
- Anyone can verify the published extension matches the source code
- Build instructions in repository
- No hidden code or telemetry
For privacy-related questions:
- Email: j.d.a.jewell@open.ac.uk
- GitHub Issues: https://github.com/hyperpolymath/fireflag/issues
- Response Time: Within 7 days
To exercise your privacy rights (though not needed for local data):
- Access: Use DevTools or export feature
- Deletion: Use "Clear All Data" or uninstall
- Questions: Email above address
To report security issues:
- Email: j.d.a.jewell@open.ac.uk (GPG key available on request)
- GitHub: Security tab (private disclosure)
- Bug Bounty: None currently
FireFlag is distributed through Mozilla Add-ons:
- Mozilla Privacy Policy: https://www.mozilla.org/privacy/firefox/
- Add-ons Policy: https://extensionworkshop.com/documentation/publish/add-on-policies/
- Data Collected by Mozilla: Extension ID, download count, ratings (not linked to users)
Mozilla may collect:
- Extension installation/update events
- Crash reports (if Firefox crash reporting enabled)
- General usage statistics (opt-in)
This is separate from FireFlag - we don't receive this data.
Our Promise:
- We will never collect personal data
- We will never sell or share your data
- We will never add analytics or tracking
- We will always store data locally
- We will always be transparent about changes
If we ever violate these promises:
- We will immediately notify all users
- We will request new permissions
- You can decline and keep using the old version
- You can report violations to Mozilla
FireFlag's data processing is based on:
- Legitimate Interest: Provide extension functionality
- User Consent: Explicit permission grants for optional features
- Contract Performance: Not applicable (no terms of service)
Since all processing is local and user-initiated, no additional legal basis is required.
Not applicable - all data stored locally on your device.
FireFlag does NOT use:
- Profiling
- Automated decision-making
- Machine learning on user data
- Behavioral analysis
This privacy policy is licensed under CC BY-SA 4.0: https://creativecommons.org/licenses/by-sa/4.0/
You may share and adapt this policy with attribution.
Last Updated: February 4, 2026 Effective Date: February 4, 2026 Version: 1.0.0
FireFlag Privacy Policy Copyright (C) 2026 Jonathan D.A. Jewell Licensed under CC BY-SA 4.0