Permissions Reference

Sonomos requests the minimum permissions necessary for PII detection and masking. Here’s a complete breakdown.

Manifest permissions

Host permissions

Why: Sonomos needs to scan page content on any site to detect PII and intercept outgoing requests when Cloak is enabled. Without this, detection would be limited to a manually-maintained allowlist of sites.

What it does NOT do: This permission does not allow Sonomos to read your browsing history, modify pages beyond injecting the detection widget, or transmit page content externally.

Caution

We recognize that broad host permissions are a wide-reaching permission. We’ve disclosed this transparently in our Privacy Guides submission. A future version may offer a configurable allowlist for users who prefer to limit scope.

Storage

Why: Stores user preferences, widget position, Cloak toggle state, and detection settings locally. These settings sync across your browser profile’s devices.

Active tab

Why: Allows the popup and background processes to identify the currently active tab for context (e.g., determining which platform you’re on for Cloak routing).

Scripting

Why: Required to inject detection and masking functionality into web pages.

Data handling summary

Data type	Stored locally	Sent externally	Purpose
Detection results	✅	❌	Displayed in widget/popup
Page content	❌ (in-memory)	❌	Scanned and discarded
User preferences	✅	❌	Settings persistence
Account credentials	❌	✅ (auth provider)	Authentication
Payment info	❌	✅ (payment processor)	Subscription billing
Feedback form content	❌	✅ (via email service)	Bug reports to info@sonomos.ai