← Back to Circuit Breaker
Privacy Policy
Last updated: 31 March 2026
Circuit Breaker is a browser extension that blocks distracting websites. We built it to be as private as possible. Here's exactly what we collect, what we don't, and how your data is protected.
The short version: We collect your email (encrypted), a hashed password, and your blocking configuration. That's it. No browsing history, no tracking, no analytics. Your data is yours.
What we collect
If you create an account to sync across devices, we store:
- Email address — encrypted at rest using AES-256-GCM. We cannot read your email in our database. It's used solely to identify your account when you log in.
- Password — hashed using PBKDF2-SHA256 with 100,000 iterations and a unique random salt. We never see or store your actual password.
- Blocking configuration — which categories, sites, and features you've toggled on or off. This is what syncs between your devices.
- Device name — when you register a device for sync, we derive a short label (e.g. "Chrome on macOS") from your browser's user agent string. The full user agent is not stored on our servers.
- Authentication tokens — access and refresh tokens are stored locally in your browser's extension storage to keep you signed in. These are cleared when you sign out or delete your account.
What we don't collect
- No browsing history
- No page content
- No cookies or session data from other sites
- No analytics or usage tracking
- No advertising identifiers
- No data is sold or shared with third parties
Without an account
Circuit Breaker works perfectly without creating an account. Your blocking selections are stored locally in your browser's storage and are never sent anywhere. No data leaves your device.
Where data lives
- Local device — your selections are stored in the browser's local storage. This data stays on your device and is removed when you uninstall the extension.
- Cloud sync (optional) — if you create an account, your encrypted email, hashed password, and blocking configuration are stored on Cloudflare's D1 database infrastructure.
- Self-hosted option — you can run your own Circuit Breaker sync server using Docker. In this case, all data stays on your own infrastructure and never touches our servers.
How the extension works
The Circuit Breaker extension runs entirely in your browser. When you trip a switch:
- Domain-level blocks use Chrome's
declarativeNetRequest API — the browser blocks requests before they're made. The extension never sees the content of blocked pages.
- Feature-level blocks (like hiding YouTube comments) inject a small CSS stylesheet that hides specific elements. No page content is read or transmitted.
- The extension communicates with the Circuit Breaker dashboard website via
postMessage to receive configuration updates. This only happens on the Circuit Breaker dashboard page, not on any other website.
Permissions explained
- "Read and change all your data on all websites" — this permission (
<all_urls>) is required because Circuit Breaker needs to block any website you choose and hide elements on any site. The extension only uses this to apply your blocking rules — it does not read, collect, or transmit any page content.
- Storage — to save your blocking selections locally.
- declarativeNetRequest — to block website requests at the browser level.
Third-party services
- Cloudflare — hosts the website, API, and database (for sync accounts). Cloudflare's privacy policy.
- Stripe — processes payments if you upgrade to a paid sync plan. We do not store your card details. Stripe's privacy policy.
- Google Fonts — loads the DM Sans typeface on the dashboard website. No fonts are loaded by the extension itself.
Data retention and deletion
You can delete your account at any time from the Settings panel. This immediately and permanently removes all your data from our servers — your encrypted email, hashed password, blocking configuration, device registrations, and sessions. There is no recovery.
If you uninstall the extension without an account, all local data is automatically removed by your browser.
Children
Circuit Breaker does not knowingly collect data from children under 13. The extension can be used by parents to block content on their children's devices using the device lock feature.
Changes to this policy
If we make significant changes to this policy, we'll update the date at the top and note what changed. The extension itself does not collect any additional data beyond what's described here.
Contact
Questions about privacy? Open an issue on GitHub or email privacy@josephpalmer.co.uk.