Effective 2026-05-18 · v1.1.0

Privacy policy, clearly.

SimplyAdBlocker blocks ads, trackers, and cookie banners locally on your device. This page describes everything the extension does with data.

Local blocking No telemetry No accounts
01

Everything important stays local.

Your settings, trusted sites, banished sites, picker rules, and stats live in browser storage. We do not run a server that sees them.

02

Network use is limited and explainable.

The extension can check a remote config file and, if enabled, refresh EasyPrivacy. Turn the toggles off and it stops making those requests.

03

No accounts. No analytics. No selling.

There are no user accounts, no analytics SDKs, no telemetry events, and no data marketplace hiding in the corner.

Short version

The quiet version of privacy.

Collect No

We do not collect, transmit, or sell your data.

Accounts None

There is no SimplyAdBlocker server, no account, no analytics, no telemetry.

Where it runs Local

All blocking and statistics happen entirely on your computer.

Browser storage

What is stored on your device

The extension uses your browser's built-in extension storage (chrome.storage.sync / browser.storage.sync and chrome.storage.local) to remember:

  1. Your settings — protection level, theme, feature toggles, custom filter rules you typed into the options page.
  2. Your trusted sites list ("allowlist") — hostnames you chose to exempt from blocking.
  3. Your banished sites list ("blocklist") — hostnames you chose to redirect to an intercept page.
  4. Per-host cosmetic rules — CSS selectors you saved via the element picker, scoped to the host you saved them on.
  5. Local block statistics — a count of how many requests we have blocked, optionally broken down by date, hour, blocked-domain, and the site where the block happened. These exist only so the Statistics dashboard and the badge counter have something to display. They never leave your device.

Items 1, 2, 3, 4 are written to storage.sync, which means they sync across your browser profile via the sync provider you use (Google for Chrome, Mozilla for Firefox, etc.). The data flows through your own browser account; it does not flow through us — we have no server that sees it.

Item 5 is written to storage.local and never leaves the device.

You can wipe everything at any time with the Move your setup → Reset to defaults action in Settings.

Optional checks

Network connections the extension makes

The extension talks to at most two external endpoints:

Endpoint When Why
https://api.simplyapphub.com/config/simply_adblocker_config.json Once a week, and once shortly after install, unless you turn it off via Settings → Advanced → "Receive remote configuration updates" (on by default in v1.1.0). Fetches a JSON file with emergency killswitches, optional updates to the compatibility allowlist (the small list of sites where we let Google's tracker URLs through so AI Studio / Gemini / Cloud Console / Colab can authenticate), community-curated global trusted/banished site lists, and announcements. The extension also ships with a bundled local copy of this file; if the network request fails or the server is unreachable, the bundled copy is used and no further attempt is made until the next weekly tick.
https://easylist.to/easylist/easyprivacy.txt Once a week, only if the "Auto-update filter lists" toggle is on (off by default for new installs in v1.1.0). Refreshes the bundled EasyPrivacy tracker list to catch new tracker domains between extension releases.

Both requests are plain HTTPS GETs with no identifying header, no cookie, no user-agent customization beyond Chrome's default, and no request body. Server-side logs on api.simplyapphub.com and easylist.to may record the source IP address, the timestamp, and the User-Agent string the same way any HTTPS service does — but nothing in the request identifies you as a SimplyAdBlocker user beyond the URL path.

If you turn both toggles off (or just opt out of remote configuration), the extension makes zero network requests for its entire lifetime beyond loading its own bundled files.

Remote config

What the remote configuration can do

  • Flip emergency killswitches that disable a misbehaving feature for everyone without us shipping an extension update through four stores.
  • Add or remove hostnames from the compatibility allowlist (the small set of Google products where we let gtm.js and play.google.com/log through).
  • Add hostnames to a global allowlist (sites the community has confirmed are safe to fully trust).
  • Add hostnames to a global blocklist (sites confirmed malicious between releases). The user's personal trusted list always wins conflicts.
  • Suggest a new fresh-install protection level for users who install the extension after the suggestion is published.
  • Show a banner with a brief announcement message.

Hard limits

What the remote configuration cannot do

The endpoint cannot ship JavaScript, change manifest permissions, modify the bundled scriptlet allowlist, override the user's personal settings, or remove entries from anyone's personal trusted or banished list. The bundled JSON validator rejects responses larger than 64 KB and silently drops any field that doesn't match the closed schema.

Page behavior

What the extension does to web pages you visit

To block ads and trackers, the extension:

  1. Blocks network requests to known ad/tracker URLs using Chrome's built-in declarativeNetRequest API. The rules are bundled with the extension (from EasyList, EasyPrivacy, AdGuard cookie/popup/anti-cv, Fanboy lists). We do not log the URLs we block — only a counter is incremented for the Statistics dashboard.
  2. Hides ad slots by injecting CSS into pages via standard browser APIs.
  3. (Opt-in only) Injects "scriptlets" — small JavaScript snippets bundled with the extension — into pages to bypass anti-adblock walls and pre-set cookie-consent rejections. Each of these features is off by default and can be enabled individually.

The extension never reads, transmits, or stores the contents of the pages you visit.

Browser permissions

Permissions the extension requests, and why

Permission Why
host_permissions: <all_urls> Ad-blocking applies to every site you visit. Without all-site access, we cannot block trackers on the sites you actually use.
declarativeNetRequest Required for the blocking API.
declarativeNetRequestFeedback Lets us count blocked requests so the popup badge and Statistics dashboard have something to display. All counts stay on your device.
storage Stores your settings, trusted/banished sites, custom rules, and stats counters.
tabs Reads the active tab's URL so the popup can show "Protecting this site".
scripting Injects the element picker (when you click "Hide an element") and per-domain scriptlets (when enabled).
alarms Schedules the optional weekly EasyPrivacy update.
contextMenus Adds right-click "Trust this site" / "Hide this element" actions.

Not collected

Data we do not collect

  • We do not see your browsing history.
  • We do not see the URLs you visit.
  • We do not see the content of any page.
  • We do not see your IP address.
  • We do not run any analytics SDKs or third-party trackers.
  • We do not have user accounts.
  • We do not sell, share, transfer, or rent any data.

Children

Children

SimplyAdBlocker is suitable for all ages. We do not knowingly collect data from anyone, including children.

Source

Open source

The extension's full source code is available under the MIT license. The build is reproducible: run npm install && npm run build from a clean source checkout to reproduce the published artifact byte-for-byte (modulo zip metadata). See AMO-SOURCE-NOTES.md for full instructions.

Questions

Contact

If you have privacy questions or want a feature added, email [email protected].

Updates

Changes to this policy

We will update the Effective date above and ship a changelog entry on the GitHub releases page whenever this policy changes materially.