VocaSpot - CEFR Vocabulary Highlighter Privacy Policy

Effective date: 2026-04-25 · Version 1.0.0

    Short version: VocaSpot does not collect, store, or transmit any personal
    information. The only data that ever leaves your browser is the specific word you click on,
    sent to a free public dictionary API to fetch its definition.
  

What VocaSpot reads

When you visit a news article, VocaSpot reads the visible text of that page entirely within your browser. This text is processed locally to identify words that match your selected CEFR level. It is held in memory only for the duration of the current page visit and is never written to disk, sent to any server, or shared with any third party.

What leaves your browser

The only outbound network request VocaSpot makes is when you click a highlighted word. The word's base form (lemma) — for example, inflation — is sent to the Free Dictionary API (api.dictionaryapi.dev) to retrieve its definition, pronunciation, and synonyms.

No page URL is sent.
No user identity is sent.
No browsing history is sent.
The word lookup contains no information that could identify you personally.

The Free Dictionary API is a public, unauthenticated service. Please review their terms for details on how they handle query data on their end.

What is stored locally

VocaSpot stores the following data only on your device using chrome.storage.sync and chrome.storage.local:

Your selected CEFR level (e.g. B1).
Your chosen highlight style (underline, background colour).
A list of sites where you have disabled the extension.
A count of words spotted today (resets daily, stored locally only).
Words you have saved for review (stored locally only, up to 100 entries).

Sync storage is shared across your signed-in Chrome profile. None of this data is transmitted to VocaSpot's developers or any third party.

Permissions used and why

storage — to save your CEFR level and preferences locally and across devices.
activeTab — to read the text of the page you are currently viewing so VocaSpot can identify and highlight relevant words. Access is granted only for the tab that is active when you interact with the extension.

VocaSpot requests no other permissions.

Analytics and tracking

VocaSpot contains no analytics, telemetry, tracking pixels, or fingerprinting code. No usage data of any kind is collected by the extension's authors.

Children's privacy

VocaSpot does not knowingly collect any data from anyone, including children under 13. Because nothing is collected, no special provisions are necessary.

Changes to this policy

If the privacy practices of VocaSpot ever change, an updated policy will be published with a new effective date. Significant changes will be noted in the extension's changelog.

Contact

Questions or concerns? Open an issue at github.com/grapes-labs/vocaspot/issues .