Privacy Policy

1) Summary (Plain English)

• We process: a secure verification payload (session ID, appointment identifiers) provided by the administrator who issued you the link.
• We transmit: your liveness result (a session token returned by the biometric SDK) to our backend to complete the verification.
• We send: your browser's user-agent string to help your administrator debug connection issues.
• We do not collect your name, email, passport details, or any personal identity documents.
• We do not sell your data and do not use it for advertising.

2) Definitions

"Verification Payload" means the encoded data inside the link your administrator sends you, containing the session ID, appointment identifiers, and proxy IP.
"Liveness Result" means the session token and result returned by the OzForensics SDK after your selfie check completes — it does not include raw facial images or biometric templates.
"User Agent" means your browser's identification string, used for technical debugging only.

3) Data We Collect and Process

3.1 Data from the Verification Link (Administrator-Provided)

• Session ID — identifies your active verification session
• User ID and Transaction ID — your appointment identifiers, provided by your administrator
• Proxy IP — the IP address used to route your session correctly to the appointment portal

3.2 Data Generated During Verification

• Liveness result token (event_session_id) — returned by the OzForensics SDK on successful completion; transmitted to the SelfieGate backend to confirm verification
• Full result object — the complete SDK response, transmitted to the SelfieGate backend for record-keeping
• User agent string — your browser's UA string, sent once when the link is opened; used by your administrator to debug connection or compatibility issues

3.3 Data We Do NOT Collect

• We do not collect your name, email, passport, or identity documents
• We do not record your browsing history or activity on other websites
• We do not capture raw facial images or biometric templates (this is handled entirely by OzForensics)
• We do not track you across sessions or websites

4) How We Use Data

• Core functionality: decode your verification link, apply required network settings, load the liveness SDK, and transmit the result to the SelfieGate backend.
• Session tracking: send status updates (link opened, selfie started, selfie complete) to the SelfieGate backend so your administrator is notified in real time.
• Debugging: the user-agent string is sent once to help diagnose connection issues between your browser and the appointment portal.

5) Third-Party Services

5.1 OzForensics Liveness SDK

The extension loads the OzForensics liveness SDK from their CDN (web-sdk.prod.cdn.spain.ozforensics.com) at runtime. The SDK captures a short facial video, performs liveness analysis, and returns a session token. Facial video and biometric processing is handled entirely by OzForensics — we do not receive or store raw biometric data.

5.2 SelfieGate Backend

The liveness result token, session status updates, and user-agent string are sent to the SelfieGate backend to complete the verification workflow and notify your administrator.

6) Storage, Retention, and Deletion

• Local storage: the extension stores session state (session ID, status) temporarily in Chrome extension storage for the duration of the active verification. This is cleared when the session ends.
• Backend: session records are stored on the SelfieGate backend associated with the session ID. They are not linked to your personal identity.
• Deletion: uninstall the extension to remove all local data. Contact us to request removal of session records from our backend.

7) Data Sharing

We do not sell data.

• OzForensics: facial liveness check is processed by their SDK under their own privacy policy.
• SelfieGate backend: liveness result and session status are transmitted to our own backend to complete the verification.
• Your administrator: the liveness result token is made available to your administrator to submit to the appointment portal on your behalf.
• Legal requirements: data may be disclosed if required by law or valid legal process.

8) Security

• All communication with the SelfieGate backend uses HTTPS/TLS.
• The verification payload in the link is base64-encoded and session-scoped — it expires after use.
• Network header rules (XFF, WAF block) are applied only during the active session and cleared immediately after.

9) Why the Extension Requests Permissions

• storage: temporarily stores session state during the verification workflow.
• scripting: injects and runs the OzForensics liveness SDK on the verification page.
• declarativeNetRequest / declarativeNetRequestWithHostAccess: applies network header rules (IP forwarding, WAF bypass) required for the appointment portal to accept the session.
• tabs: detects when your administrator's verification link is opened so the extension can activate automatically.
• management: clears any active network rules if the user uninstalls the extension, so no rules persist after removal.
• <all_urls>: the verification link can be opened from any domain (email, messaging app, etc.); the extension must intercept it regardless of origin.

10) Children's Privacy

This extension is intended for adult users only. We do not knowingly collect data from children under 13.

11) Changes to This Policy

We may update this policy from time to time. The "Last updated" date will reflect any changes. Continued use of the extension constitutes acceptance of the updated policy.

12) Contact

For questions about this Privacy Policy or your data:
Email: admin@visaappointmentalert.com