Privacy Policy - RAV Security

RAV Browser Monitor ("the Extension") is an enterprise-grade security tool developed by RAV Security. This Privacy Policy outlines our transparent approach to data collection, processing, and security.

Enterprise Use Only This Extension is designed exclusively for managed enterprise environments. It is deployed and configured by IT administrators and is not intended for consumer use.

1. Data Collection Scope

The Extension operates under strict data minimization principles. We collect only what is necessary for security monitoring and compliance:

Data Category	Specific Data Points
Browsing Activity	URLs visited, page titles, timestamps, and visit duration.
Tab State	Active tab URL, window focus status, and open tab counts.
File Transfers	File names, source URLs, file sizes, and completion status of downloads.
Device Telemetry	Browser version, extension version, and connectivity health status.

2. Data Processing & Security

All collected data is processed locally on the endpoint before being securely transmitted.

Secure Transmission

Data is transmitted via Chrome's Native Messaging protocol to the local RAV Agent. From there, it is encrypted using TLS 1.2+ and sent directly to your organization's dedicated backend instance.

Data Ownership

RAV Security acts as a data processor. Your organization (the employer) is the data controller and retains full ownership of all collected logs.

3. Purpose of Processing

The data collected serves specific enterprise security objectives:

Threat Detection: Identifying access to known malicious domains or phishing sites.
Data Loss Prevention (DLP): Monitoring file downloads to prevent unauthorized exfiltration of sensitive IP.
Incident Response: providing forensic audit trails during security investigations.
Regulatory Compliance: Ensuring adherence to industry standards (SOC2, HIPAA, ISO 27001).

4. Permission Transparency

The Extension requests the minimum set of permissions required to function:

Permission	Justification
`tabs`	Required to monitor active tab URL changes for real-time visibility.
`history`	Required to build a timeline of user navigation for forensic auditing.
`downloads`	Required to log file download events for DLP analysis.
`nativeMessaging`	Required for secure, sandbox-compliant communication with the host agent.

Contact & Inquiries

For privacy-related questions, please refer to your organization's internal IT policy first.

RAV Security Privacy Team
privacy@ravsecurity.com