Titanium Privacy Policy

Last updated: 2026-05-05

This is the privacy policy for the Titanium Chrome extension and the Titanium Companion macOS application (collectively, "Titanium").

TL;DR

Titanium does not collect, transmit, or share any data. Everything runs on your device. There are no servers, no analytics, no telemetry, no error reporting. We don't know who uses Titanium or how they use it.

If you're looking for the legalese version, keep reading.

What data does Titanium handle?

Titanium reads and processes the following data on your device only:

• macOS Screen Time configuration — the contents of /Library/Managed Preferences/<your-user>/com.apple.familycontrols.contentfilter.plist (your Screen Time block/allow lists and adult-content filter setting). Read by the companion app and forwarded to the extension over Chrome's Native Messaging API.
• macOS App Limits configuration — the ZBUDGETEDWEBDOMAIN table from ~/Library/Containers/com.apple.UsageTrackingAgent/Data/Library/Application Support/UsageTrackingAgent/UsageTracking.sqlite (your per-domain daily time limits).
• URLs of tabs you visit in Chrome — read locally to determine whether a tab matches a blocked domain. Never transmitted, never logged outside Chrome's own service-worker console.
• Time spent on tracked domains — counted locally per second of focused, non-idle browsing. Stored locally as integers, reset at local midnight.
• Your PIN — stored as a PBKDF2 hash with a per-PIN salt. The plaintext PIN is never persisted.
• Your recovery secret(s) — if you choose TOTP recovery, the random 160-bit secret. If you choose Mac admin password recovery, only a boolean flag indicating it's enabled.
• Your settings preferences — notification toggles, recovery method choice.

Where does this data live?

Locally, in two places:

• Chrome's chrome.storage.local, which is per-extension, per-Chrome-profile, never synced. Lives in your local Chrome profile directory.
• Your existing macOS data files (the Screen Time plist and App Limits sqlite), which Apple manages and which Titanium reads but never modifies.

Titanium does not use chrome.storage.sync. Your PIN, recovery secret, and quota counters do not sync across devices.

Where does this data go?

Nowhere. Titanium has no servers. We do not receive your data. We do not know your data exists.

The companion app communicates with the extension only via Chrome's Native Messaging API, which is a local stdin/stdout pipe between two processes on your Mac. No network is involved.

Network connections

Titanium does not make outbound network connections except for:

1. Chrome's automatic extension auto-updates, which connect to Google's update servers (clients2.google.com) in the normal course of all Chrome extensions being updated. Titanium does not control or initiate these.
2. The macOS companion app does not make network connections.

We do not phone home. We do not check for updates separately. We do not log anything to a remote server.

Third-party data sources

The bundled adult-content blocklist is built from three publicly available, permissively licensed sources:

• StevenBlack/hosts (porn-only) — MIT licensed
• Block-List-Project (porn) — Unlicense
• HageZi DNS Blocklists Pro NSFW — CC BY-SA 4.0

These lists are downloaded once at build time (when we package the extension), deduplicated, subdomain-rolled, and bundled into the extension as static rule files. At runtime, Titanium does not contact these sources or any other server.

When the blocklist is updated (typically with each extension release), it is re-downloaded by us during build, re-bundled, and pushed via Chrome Web Store auto-update. You always receive a static snapshot.

Third-party services

None. Titanium does not use:

• Analytics (no Google Analytics, Mixpanel, Amplitude, etc.)
• Crash reporting (no Sentry, Bugsnag, etc.)
• Authentication services (no Auth0, Firebase Auth, etc.)
• Cloud sync (no Firebase, Supabase, etc.)
• CDNs for in-extension assets (everything is bundled)
• Advertising networks
• Trackers of any kind

Children's privacy

Titanium is intended to be used by parents to enforce restrictions for their minor children, or by adults for self-restraint. It does not directly target children under 13 nor knowingly collect data from them — because it does not collect data from anyone.

Data retention

There is no data to retain. All data lives on your device under your control. Uninstalling Titanium removes the extension's chrome.storage.local data automatically (Chrome handles this). Removing the Titanium Companion app does not affect your Screen Time configuration, which Apple manages.

Your rights

Because we don't have your data, there is nothing to access, export, correct, or delete on our end. Your rights are exercised by managing your own device:

• Access: open the popup, view your settings.
• Export: open Chrome's developer tools (if not blocked by the configuration profile) and inspect chrome.storage.local.
• Correction: change your settings via the popup.
• Deletion: uninstall the extension and the companion. Or use "I forgot my PIN" → wipe.

Changes to this policy

If we ever change Titanium's behavior in a way that affects this policy (for example, adding optional telemetry or a sync feature), we will:

1. Update this policy with a new "Last updated" date.
2. Notify users via the extension's update mechanism.
3. Make the new behavior strictly opt-in.

We will never make data collection mandatory or hidden.

Contact

For questions about this policy, email [email protected] (or whatever email you settle on).

For security issues, please follow responsible disclosure: email the same address with details. We will respond within 7 days.