CCA Tool Privacy Policy

CCA Tool — Privacy Policy

This privacy policy ONLY applies to the CCA Tool browser extension software packages - other CCA services have different privacy policies.

1. Overview

CCA Tool provides two core features: (a) domain security analysis and (b) first-name spelling variant suggestions. Both features require sending limited data to our API server to function. We are committed to collecting only the minimum data necessary and never using it for purposes unrelated to the Extension's functionality.

2. Data We Collect and Transmit

2.1 Domain Security Lookups

When you look up a domain or IP address — via the popup, side panel, context menu, or keyboard shortcut — the domain name or IP address is sent to our API server at ccatool.datasourceapi.com. The server queries public DNS records, WHOIS databases, and security headers, then returns the results to the Extension. The queried domain or IP is not logged or stored on our server after the response is delivered.

2.2 Name Variant Suggestions

When you type a first name into a detected form field, the Extension sends that name to ccatool.datasourceapi.com to retrieve spelling variants from our name database. Only the individual first name is transmitted — no surrounding form data, page content, or personal context is sent. The queried name is not logged or stored on our server after the response is delivered.

2.3 Data Stored Locally in Your Browser

The Extension stores the following data locally on your device using browser storage APIs. This data never leaves your browser:

DataStorage MethodPurposeDomain lookup history (last 20 domains)chrome.storage.localQuick access to recently checked domainsBookmarked domainschrome.storage.syncSaved domains that sync across your browsersName variant usage statisticschrome.storage.localShows which suggestions were offered and selectedUser preferences (enabled/disabled toggle, excluded names, disabled sites, theme)chrome.storage.syncPersists your settings across browser sessionsTemporary domain for side panel handoffchrome.storage.sessionPasses the target domain from popup/context menu to side panel; cleared after use

3. Data We Do NOT Collect

Browsing history: We do not track, record, or transmit which websites you visit. The Extension only reads the URL of the active tab when you explicitly interact with it (clicking the icon, using a keyboard shortcut, or right-clicking a link).
Page content: We do not read, scrape, or transmit the content of any web page. The content script only detects first-name input fields and reads the value you type into them.
Passwords, emails, or other form fields: Only fields identified as first-name inputs are monitored. All other form fields are ignored.
Analytics or telemetry: The Extension contains no analytics SDKs, tracking pixels, telemetry beacons, or fingerprinting code.
Cookies: The Extension does not set, read, or transmit any cookies.

4. Third-Party Services

4.1 CCA Tool API (ccatool.datasourceapi.com)

All API requests are made over HTTPS. The server processes the request and returns JSON data. No request data is logged, stored, or shared with any third party. The server infrastructure is operated by Cooperative Computing Alliance LLC.

4.2 GOV.UK Fonts (govuk.prodcdn.com)

The Extension loads the GDS Transport font via CSS @font-face from the UK Government's public CDN. This is a static font file request — no personal data is transmitted. This font is used solely for visual consistency with the GOV.UK Design System styling.

No other third-party services, scripts, or resources are loaded.

5. Data Sharing

We do not sell, rent, lease, or transfer your data to any third party for any purpose. We do not use any data collected by the Extension for advertising, user profiling, credit assessment, or any purpose unrelated to the Extension's stated functionality.

6. Data Retention

Server-side: No request data is retained after the API response is returned.
Client-side: Locally stored data (history, bookmarks, preferences, statistics) persists until you clear it via the Extension's settings page, uninstall the Extension, or clear your browser storage. Data stored in chrome.storage.sync may sync across devices where you are signed into the same browser account.

7. Security

All communication between the Extension and our API server uses HTTPS (TLS encryption). The Extension does not execute any remote code — all JavaScript is bundled within the extension package. API responses contain only structured JSON data, never executable code.

8. Children's Privacy

The Extension is not directed at children under the age of 13. We do not knowingly collect personal information from children.

9. Your Rights

You can:

Disable name suggestions entirely or on specific sites via the Extension's settings page.
Clear your lookup history and statistics from the settings page.
Remove bookmarks from the side panel.
Uninstall the Extension at any time, which removes all locally stored data.
Request information about your data by contacting us at the address below.

10. Changes to This Policy

11. Contact

If you have questions or concerns about this privacy policy or the Extension's data practices, contact us at:

Cooperative Computing Alliance LLC

Email: support-ccatool@coopalliance.org

CCA Tool Program Privacy

Cooperative Computing Alliance

539 W. Commerce St

Room 5210

Dallas, TX 75208

Telephone 415/534-8441