Search for Usernames

Complete digital intelligence across thousands of platforms. Trusted by professional investigators.

Back to Forensic Capture

Privacy Policy

UserSearch Forensic Capture

Last updated: 9 July 2026

In one sentence: your captured evidence never leaves your machine — the only things the extension sends are the sign-in tokens for your free account and, if you enable timestamping, anonymous cryptographic hashes to timestamp authorities.

This policy explains, in plain language, exactly what UserSearch Forensic Capture (the "extension") does with data. We wrote it to be checkable: everything below is enforced in the extension's code, every outbound network request the extension ever makes is routed through a single audited module, and the extension keeps a local log of every request it sends that you can inspect yourself on the options page.


1. What the extension does

UserSearch Forensic Capture is a free browser extension for capturing web pages as evidence: full-page screenshots, a rendered-DOM snapshot of the page as displayed, the raw HTTP response body, optional MHTML, optional screen-recorded video, and PDF reports. Every captured artifact is hashed with SHA-256 on your device, sealed into a tamper-evident manifest, and (if you enable timestamping) anchored to independent timestamp authorities so you can later prove the evidence existed at a point in time — without the evidence itself ever being transmitted anywhere.

All capture, hashing, report generation, video recording, and verification happen entirely on your device, inside your browser. No companion cloud service and no server of ours ever receives your evidence. Creating new captures does require a free UserSearch account — a verified email address, with no name and no payment — used only to confirm you have a valid account; viewing, verifying, and exporting captures you have already made works without signing in. Section 3.1 sets out exactly what the sign-in transmits, and what your account email is used for.

2. What data the extension stores — and where

Everything the extension stores lives locally in your browser profile on your device:

  • Captured evidence (screenshots, DOM snapshots, raw HTTP bodies, MHTML files, video recordings, tile checkpoints) — stored as binary blobs in your browser's IndexedDB, on your disk.
  • Case data (case names, capture records, subjects/dossier entries, your notes, hash manifests, timestamp proofs, the capture audit log) — same local IndexedDB.
  • Settings (capture options, timestamp endpoints, the operator identity you enter for report attribution) — the browser's local extension storage.
  • The egress log — a local record of every network request the extension has ever dispatched (timestamp, destination, request size, and the SHA-256 fingerprint of the request body). Kept so you can audit us; viewable on the options page.
  • Exports you request (PNG/PDF/report bundles/video files) — written to your Downloads folder by the browser at your explicit request.

None of this is transmitted to us or to anyone else. The extension asks the browser for persistent storage and holds the unlimitedStorage permission solely so the browser does not silently evict your evidence; that permission grants no network capability and no access to other sites' data.

The operator identity you enter at first run (name, organization, optional contact — used to attribute captures and reports) is stored locally, appears only in the evidence records and reports you generate and export, and is never transmitted by the extension.

3. Every network endpoint the extension can ever contact

The extension can contact only two kinds of destination: the UserSearch account service, to sign you in and confirm your account (opaque tokens only — never your evidence); and the timestamp authorities, to which it sends only anonymous cryptographic hashes. There are no others, and no feature — hidden or otherwise — ever sends your captured evidence, page content, or browsing history anywhere. All outbound requests are funneled through one choke-point module with a hardcoded allowlist of exact origins; a request to anything else fails, and every request is logged locally before any bytes leave your machine.

3.1 UserSearch account service — required to capture

  • Endpoint:https://usersearch.ai (sign-in and licence checks).
  • When: when you sign in, and periodically afterward to confirm your account is still valid (for example when you open the extension, and once daily). No account traffic occurs at all until you choose to sign in.
  • What is sent: standard OAuth 2.0 sign-in requests. You log in on the UserSearch website; the extension itself only exchanges and presents opaque authentication tokens to confirm your account. It never sends your captures, page content, notes, URLs, or any evidence. As with any online service, our account server records standard access-log information (such as IP address and time) for the sign-in and licence requests.
  • What comes back: authentication tokens and a valid/invalid result, used only to unlock capturing.
  • Your account and email: Capturing requires an account, which you create with a verified email address (no name, no payment). Your email is held by UserSearch as part of that account — the extension never receives or transmits it; you provide it directly to the UserSearch website when you sign in. UserSearch may occasionally send newsletters and product updates about UserSearch and this extension to that address; you can unsubscribe at any time using the link in those emails or by contacting [email protected]. Your UserSearch account — including your email and its use — is governed by the UserSearch website Privacy Policy at https://usersearch.com/privacy-policy. This extension policy covers only the evidence and data the extension itself handles on your device.

3.2 RFC 3161 timestamp authorities (TSA) — if timestamping is enabled

All timestamp traffic below is additionally gated behind a runtime permission prompt: even with timestamping switched on, the extension cannot contact these endpoints until you grant the browser's optional host permission for exactly these named hosts.

  • Defaults:http://timestamp.digicert.com (primary), http://timestamp.sectigo.com (fallback). You can change these to any TSA you choose on the options page; a TSA you configure is admitted for timestamp queries only.
  • When: on a background schedule (default: every 10 minutes) whenever newly sealed captures are waiting to be anchored.
  • What is sent: a standard DER-encoded RFC 3161 timestamp query containing a single SHA-256 digest — the root of a Merkle hash tree summarizing a batch of your evidence hashes. A hash is a one-way 32-byte fingerprint: it cannot be reversed into your evidence, and it reveals nothing about the page, its URL, or its content.
  • What comes back: a signed timestamp token, stored locally with your evidence.

3.3 OpenTimestamps calendar servers — if OpenTimestamps corroboration is enabled

  • Endpoints (all five):
    • https://a.pool.opentimestamps.org
    • https://b.pool.opentimestamps.org
    • https://alice.btc.calendar.opentimestamps.org
    • https://bob.btc.calendar.opentimestamps.org
    • https://finney.calendar.eternitywall.com
  • When: on the same background schedule as above (submission), and later when checking whether a pending proof has been confirmed on the Bitcoin blockchain (upgrade).
  • What is sent: a nonce-salted SHA-256 commitment — the SHA-256 of (Merkle root followed by 16 freshly generated random bytes). Because of the random salt, the value submitted is unlinkable: the calendar sees an anonymous 32-byte hash that cannot be correlated with your evidence, with other submissions, or with this installation. On upgrade checks, the same salted commitment is sent in the request path. The unsalted Merkle root itself is never transmitted anywhere.

3.4 Nothing else

There is no other endpoint. The extension contains no search, lookup, or enrichment feature that contacts any third party — inspection of captured evidence (EXIF, identifiers, text extraction) runs entirely on your device. The extension loads no remote scripts, fonts, stylesheets, images, or update feeds; all of its code and assets ship inside the extension package. (During a capture, the page you are capturing may load its own resources as part of normal browsing — that is the website's activity, not a transmission by us.) The extension's UI contains ordinary links to usersearch.com; clicking one simply opens a normal browser tab — the extension itself sends nothing when it displays them.

4. What the extension never does

  • No telemetry, analytics, or crash reporting. The extension sends us no usage data — we cannot see your captures and cannot count them. (Signing in and periodic licence checks tell our account service only that your account is active, as described in section 3.1; that never includes anything about what you captured.)
  • No access to your cookies. The extension does not request cookie permissions, and its own network requests carry no credentials for the sites you capture.
  • No cloud. Evidence is never uploaded, mirrored, synced, or backed up by us — there is nowhere for it to go.
  • No sale or sharing of data. We never sell, rent, share, or transfer user data to any third party, for any purpose. We receive none of your evidence, so there is nothing to sell; your account sign-in is used only to confirm your account.
  • No browsing surveillance. The extension reads a page only when you explicitly trigger a capture (or a monitoring check you configured) on that page.
  • No remote code. No CDNs, no externally hosted scripts, ever.

5. Chrome Web Store — Limited Use disclosure

The extension's use of information received from Google APIs adheres to the Chrome Web Store User Data Policy, including its Limited Use requirements.

Specifically: any data the extension handles is used solely to provide the user-facing forensic-capture features described in this policy and visible in the extension's interface; it is not sold or transferred to third parties; the only data that leaves the device is the account sign-in tokens sent to the UserSearch account service and, if you enable timestamping, the anonymous cryptographic hashes sent to the timestamp services (both enumerated in section 3), plus exports you initiate; it is not used for advertising, creditworthiness, or lending purposes; and no humans at UserSearch read your evidence — it never leaves your device.

6. Data retention — you control it

All data the extension stores lives in your browser's local storage and remains there until you remove it. By design, the extension's interface does not delete sealed evidence or contemporaneous notes (an anti-tampering safeguard); it can reclaim derived data such as extracted text (Options → Storage). To remove everything, clear the extension's site data or uninstall the extension (uninstalling deletes its local storage). Files you exported to disk are ordinary files under your control. We retain none of your evidence, because we hold none of it. (Your UserSearch account and email are held by the account service and are governed by the UserSearch website Privacy Policy; you can delete your account there.)

One consequence worth stating plainly: because there is no cloud copy, we cannot recover your evidence if your device or browser profile is lost. Export and back up anything you need to keep.

7. Changes to this policy

If we change this policy, we will update it at its published location with a new "last updated" date. Because the extension makes no network requests except those listed above, a policy change can never retroactively grant it new data access — any new endpoint or permission would require a new extension version and, where applicable, a new browser permission prompt to you.

8. Contact

Questions about this policy or the extension's data handling: