Effective Date: January 1, 2026 Last Updated: February 23, 2026
This Privacy Policy describes how the Session Share Extension ("we," "our," or "the Extension") collects, uses, and protects your information when you use our Chrome browser extension. The Extension is designed to securely and seamlessly facilitate auto-login to your shared SessionShare accounts. By using the Extension, you agree to the practices outlined in this policy.
1. Information We Collect & Process
To provide our core auto-login functionality seamlessly, the Extension interacts with your browser environment. The Extension is designed with privacy in mind and only processes the minimal amount of data necessary.
1. Cookies, Authentication & Session Data
Authentication & Session Data: The Extension securely processes encrypted credentials and session tokens provided by the SessionShare platform (sessionshare.app). These credentials are intentionally kept hidden from the user to maintain the security of shared accounts.
Cookie Data: The extension reads, stores, and injects cookies to enable session sharing functionality. This includes authentication cookies, session tokens, and other website-specific cookies.
Cookie Storage: Injected cookies are stored locally in your browser's storage to track which cookies have been set.
Cookie Domains: The extension may interact with cookies from any website you visit, as it requires access to all URLs to function properly.
2. Website Information & Current Tab Data
Current Tab & URL Information: To determine when to trigger the auto-login or autofill functionality, the Extension reads the URL of the active tab. We collect and store the URLs and hostnames of websites where sessions are shared or requested.
Login Status: The extension detects login status by analyzing URLs and page content to determine if authentication was successful.
Session Metadata: Information about shared sessions, including timestamps, status (Success/Failed/Pending), and source information.
3. Page Elements
DOM Interaction: The Extension briefly interacts with web page structures (such as checking for email, password, or OTP input fields) to automatically inject the correct credentials.
4. User Account Information
User Profile: When you use the extension, we may collect user information from our API, including:
User identification data
Organization membership information
Organization roles (Owner/Member)
Access Requests: When you request access to a website, we collect the domain name and associate it with your organization.
5. Browser and Extension Data
Tab Information: The extension accesses information about your open browser tabs to determine the current website context.
Extension Management: The extension monitors and manages other installed extensions to ensure compatibility.
2. How We Use Your Information
The data processed by the Extension is used exclusively for the following purposes:
1. Session Sharing & Authentication
Authenticating you into authorized third-party services securely.
Inject cookies into web pages to share authenticated sessions between users within the same organization.
Track which cookies have been injected to manage session state.
2. Access Management
Process requests for website access within your organization.
Store and display your session history and access status.
3. Extension Functionality
Seamlessly managing multi-step logins and autofill behaviors.
Detect login forms and authentication status on web pages.
Manage extension dependencies and compatibility.
Provide notifications and alerts related to extension operations.
4. Service Communication
Communicating with our primary platform (sessionshare.app) to retrieve authorized, encrypted shared credentials.
Communicate with our backend services to authenticate users, manage memberships, process access requests, and track website usage.
3. Permissions We Request and Why
The Session Share Extension requires certain browser permissions strictly to perform its designated functions:
Permission
Purpose
storage
Used to securely store temporary state information locally on your device (such as multi-domain login progress or waiting states) to ensure the autofill process works across multi-step logins.
cookies
Required to inject and manage secure sessions for shared accounts, allowing you to access platforms seamlessly without manual login.
tabs
Used to read the current URL so the Extension knows when you have navigated to a supported login page and when to initiate the login process.
management
Used to check the state of the extension and ensure smooth interaction with the host browser, such as managing extension dependencies and compatibility.
scripting
Allows the Extension to run isolated scripts on login pages specifically to locate input fields and securely autofill the necessary credentials.
notifications
Used to provide you with non-intrusive alerts regarding the status of your shared sessions (e.g., successful login or session expiration).
<all_urls>
Because shared accounts can span across countless different third-party websites and services, the Extension requires access to all URLs to reliably detect login pages and apply shared sessions wherever your organization directs you.
4. Data Storage and Retention
Local Storage
Browser Storage: All cookie records, website data, and session information are stored locally in your browser using Chrome's local storage API.
No External Storage: Cookie values and sensitive session data are NOT transmitted to external servers except as necessary for the extension's core functionality.
Data Retention
Data stored locally on your device by the Extension (via the storage permission) is transient and related only to active login processes. You can clear this data at any time by logging out of the SessionShare platform, clearing your browser extension data, or uninstalling the Extension.
Data stored locally in your browser also remains until:
You uninstall the extension
You manually clear browser storage
The extension automatically clears data when dependencies are removed
5. Data Sharing and Disclosure
1. Within Your Organization
Session data and access requests are shared with members of your organization who have appropriate permissions. Organization administrators can view and manage access requests for their organization.
2. External Services
API Communication: We communicate with our backend services to manage user accounts and access requests.
External Websites: The extension may communicate with authorized external websites listed in the manifest (e.g., https://sessionshare.app/*).
Extension Communication: The extension communicates with a companion extension for coordinated functionality.
3. We Do NOT:
Sell, rent, or trade your personal information, browsing history, or session data to third parties.
Share cookies or authentication tokens with third parties outside your organization
Use your data for advertising or marketing purposes unrelated to the extension's functionality
6. Data Security
Security is foundational to the Session Share ecosystem. We implement the following measures:
Backend Encryption: All cookies, login credentials, and session tokens stored on our backend servers are strictly encrypted. We utilize industry-standard encryption protocols to ensure that even if the backend storage were compromised, the raw authentication data remains unreadable.
Secure Infrastructure: The Extension only connects externally to authorized SessionShare domains (e.g., https://sessionshare.app/* and https://www.sessionshare.app/*). All transmission of this encrypted authentication data happens over secure HTTPS connections.
No User Visibility: Credentials processed by the Extension are securely decrypted only at the moment of injection into the target pages. They are completely hidden from the user, ensuring the original account owner's credentials remain confidential.
Local Processing: Cookie injection and session management occur primarily within your browser. Sensitive authentication data is processed locally when possible.
Extension Management: The extension automatically disables conflicting cookie management extensions to prevent interference. The extension may disable itself if required dependencies are not met.
7. Your Rights and Choices
You have full control over the Extension. At any time, you can:
1. Manage Shared SessionsManage or revoke shared sessions directly from the SessionShare dashboard.
2. Disable or UninstallDisable or uninstall the Extension from your browser's extension management page at any time, stopping all data collection and cookie injection.
3. Data AccessYou can view your stored sessions and website data through the extension's popup interface. Local storage data can also be accessed through Chrome's developer tools.
4. Data DeletionUninstalling the extension removes all local data. You can also manually clear extension data or remove individual sessions.
8. Third-Party Services
Backend API
Purpose: User authentication, organization management, access request processing Data Shared: User account information, organization IDs, domain access requests Privacy: Subject to our backend service provider's privacy policy
External Websites
The extension may interact with authorized external websites for session sharing functionality. These interactions are limited to the domains specified in the extension manifest.
9. Children's Privacy
This extension is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any changes by updating the "Last Updated" date or providing a notification through the extension. Your continued use of the extension after any modifications constitutes acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.
11. Contact Information
If you have questions or concerns about this Privacy Policy or our data practices, please contact us through:
This extension handles sensitive authentication data (cookies and session tokens). Users should only use this extension within trusted organizations and understand that sharing sessions grants access to your authenticated accounts. Be aware that cookie injection can bypass normal authentication flows. Use this extension responsibly and in accordance with website terms of service.
By using this extension, you acknowledge that you understand the security implications of sharing authentication sessions and accept responsibility for its use.
Note: This privacy policy applies specifically to the Session Share Extension. For information about how our backend services handle data, please refer to the privacy policy of sessionshare.app.