Reveal URLs — Privacy Policy

Last updated: 2026-06-15

Reveal URLs reveals the true destination of links in your webmail so you can spot phishing before you click. It comes in three forms: the browser extension (and Thunderbird add-on), the Outlook add-in and the Gmail add-on.

The short version

Reveal URLs sends nothing to us or to any third party. There is no analytics and no tracking, and we — the developers — receive none of your data. The browser extension and the Thunderbird add-on do all their work on your own device, transmitting nothing. The Outlook add-in analyses the message on your own device and sends no email or message data anywhere; its task-pane code (the HTML, JavaScript, CSS and icons) is, however, loaded from Codeberg Pages over HTTPS — like opening any web page — so the host serving that code sees the request for it. The Gmail add-on is the one form that runs elsewhere: because Gmail add-ons run on Google's own servers, the open message is read and analysed there (by Google, who already hold your mail), never by us and never by anyone else.

What it accesses

To reveal and check links, Reveal URLs reads the visible text and the destination (href) of links in the message you're reading. How and where this happens depends on the form:

• Browser extension — reads only within the page you're viewing, in your browser as the page renders, plus the page's colours (to keep the revealed URL legible). It is never stored and never transmitted. The Thunderbird add-on works the same way on the rendered message.
• Outlook add-in — the task pane reads the body of the message you have open, through Outlook's add-in interface, and analyses it locally in the pane on your device. No email or message data is sent anywhere. The task pane's own code (HTML, JavaScript, CSS and icons) is loaded from Codeberg Pages over HTTPS — as happens when you open any web page — so the host serving that code sees the request for it; your message content is not part of that request.
• Gmail add-on — when you open a message, Google runs the add-on on its own servers, where it reads and analyses just that one open message under a single narrow data permission and returns a card of findings. The message content is processed each time you open a message and is not retained by the add-on; nothing is shared with any third party.

What it stores

Only your own settings — never email content or browsing history. Where they are stored depends on the form:

• Browser extension — enabled/disabled, display mode, colours and font sizes, your ignore-list, and any sites you choose to add (their URL match pattern and message-body selector), saved via your browser's extension storage. If your browser's sync is on, your settings sync across your signed-in devices, handled by your browser vendor under their privacy policy — never sent to us; settings only. If sync is unavailable, settings stay local to the device. Removing the extension clears them.
• Outlook add-in — your ignore-list and mismatch-highlighting choice, saved in Outlook's per-user roaming settings, which roam with your Outlook account; never sent to us.
• Gmail add-on — your per-user settings, saved in Google's per-user properties for the add-on (needing no extra permission); never sent to us.

What it does NOT do

• It does not collect, sell, or share any personal data.
• It does not send your email, link data, or browsing history to us or to any third party.
• It does not retain message content: the Gmail add-on processes each message only as you open it.
• It contains no analytics, telemetry, advertising, or trackers.
• It runs no dynamically-fetched or eval'd code; the detection logic ships bundled in each form. (The Outlook task pane is the add-in's own static bundle, loaded from Codeberg Pages over HTTPS like any web page, and uses Microsoft's Office.js runtime; the Gmail add-on runs on Google's Apps Script using CardService — the standard platform runtimes.)

Permissions

Browser extension (and Thunderbird add-on)

• storage — to save your settings.
• Access to your webmail site(s) — Gmail, Outlook and Proton by default, plus any site you explicitly add and grant — so it can annotate links in the messages you read. Additional sites are only ever accessed after you grant permission to that specific site.
• scripting — to run the link-revealing code on those sites.
• (Thunderbird only) messagesRead — to annotate links in the message you're reading.

Outlook add-in

• Read access to the message you have open (Outlook's ReadItem permission) — so the task pane can read its links and check them on your device. No email or message data is sent anywhere; the task pane's own code is loaded from Codeberg Pages over HTTPS, as happens when you open any web page.

Gmail add-on

• The only permission that touches your data is to read the message you currently have open (https://www.googleapis.com/auth/gmail.addons.current.message.readonly) — so Google's servers can read that one message, check its links and return the findings. It asks for nothing more here: it cannot read your other mail, send mail, or change anything.
• It also requests the standard permission to run as a Gmail add-on (https://www.googleapis.com/auth/gmail.addons.execute) — this is required for any add-on to run in Gmail and grants no access to your mail or data.

Contact

Questions about this policy: https://www.phpfreelance.co.uk/contact.html