Privacy Policy

GeoSpoof is committed to protecting your privacy. This extension is designed to enhance your location privacy and does not collect, store, or transmit any personal data to the extension developer.

GeoSpoof does not implement VPN functionality. It does not use NetworkExtension or any VPN framework, and it does not route, tunnel, or inspect network traffic. The word "VPN" appears only in reference to the optional "Sync with VPN" feature, which helps align your browser's reported location with the exit region of a third-party VPN you are already running.

GeoSpoof does not collect any personal data. The extension:

• Does NOT track your browsing activity
• Does NOT collect analytics or telemetry
• Does NOT store data on external servers
• Does NOT share data with third parties for advertising or marketing

All extension settings are stored locally on your device using the browser's local storage API (browser.storage.local):

• Your spoofed location coordinates
• Your timezone preferences
• Resolved location name (city, country)
• WebRTC protection settings
• VPN sync preference
• Onboarding completion status

This data never leaves your device and is only accessible by the extension.

When you use certain features, the extension communicates with external services. The developer operates no server and receives none of this data.

Nominatim (OpenStreetMap) — Used when you search for a city or the extension performs reverse geocoding. Sends your search query or coordinates over HTTPS. Privacy Policy

VPN Sync Services — Used only when you explicitly enable "Sync with VPN" or tap the "Re-sync" button. Your public IP address is first detected via ipify (api.ipify.org), then sent in parallel over HTTPS to up to four public IP geolocation services to resolve its approximate region. The first successful response is used; the rest are cancelled. Only your public IP is transmitted — no identifiers, account data, or browsing history:

• GeoJS (get.geojs.io) — primary service
• FreeIPAPI (free.freeipapi.com) — fallback
• ReallyFreeGeoIP (reallyfreegeoip.org) — fallback
• ipinfo.io (ipinfo.io) — fallback

Privacy safeguards for VPN Sync: all requests use HTTPS. Your IP address is held only in an in-memory cache for the current browser session — it is never written to disk. The in-memory cache is cleared the moment you disable "Sync with VPN" or switch to a different location input method.

browser-geo-tz — Makes HTTPS range requests to a CDN to fetch small chunks of timezone boundary data. Your coordinates are never sent as a query or stored by a third-party API; the extension resolves your timezone locally using the downloaded boundary data. Project page

• All settings are stored locally using the browser's secure storage API
• No data is transmitted to the extension developer
• All third-party API calls use HTTPS encryption
• The developer operates no backend server and maintains no user accounts

• storage: To save your settings locally
• privacy: To configure WebRTC protection
• <all_urls>: To inject location spoofing on websites you visit

These permissions are used solely for the extension's functionality and not for data collection.

You have complete control over your data:

• All settings can be cleared by disabling or removing the extension
• You can view all stored data in your browser's extension storage inspector
• No account or registration is required

Using location spoofing may violate the terms of service of certain websites (streaming services, financial services, e-commerce platforms). You are responsible for ensuring your use complies with applicable terms of service and laws.

GeoSpoof does NOT change browser language, spoof your IP address, or bypass server-side detection.

If you are located in the EEA, UK, or Switzerland, the following applies to you in addition to the rest of this policy.

Controller: Anthony Sgro, an individual developer based in the United States, acts as the data controller for any personal data processed by this extension. You can contact the controller at support@geospoof.com.

Legal basis for processing: The only personal data processed is your public IP address, and only when you explicitly enable the "Sync with VPN" feature. We rely on your consent (GDPR Art. 6(1)(a)), which you give by enabling the feature, and which you can withdraw at any time by disabling "Sync with VPN" in the extension popup. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.

International transfers: The third-party services listed above (ipify, GeoJS, FreeIPAPI, ReallyFreeGeoIP, ipinfo.io, Nominatim) are operated outside the EEA, including in the United States. When you use features that contact these services, your public IP is transferred to their infrastructure. Each service is an independent controller and determines its own transfer mechanisms. The extension developer operates no server and performs no cross-border transfer on its own.

Your rights under GDPR / UK GDPR: you have the right to access, rectify, erase, restrict, object to, and port your personal data, and to withdraw consent at any time. Because the extension stores no personal data on any server controlled by the developer, most of these rights are exercised directly by you within the extension: uninstalling the extension or disabling "Sync with VPN" fully erases everything the developer could ever access. You also have the right to lodge a complaint with your local data protection authority.

Retention: Your public IP is held only in volatile memory for the current browser session and cleared when you disable the feature or close your browser. No retention period applies because no storage occurs.

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), gives you specific rights regarding your personal information.

We do not sell or share your personal information as those terms are defined under the CCPA/CPRA. We do not disclose personal information for cross-context behavioral advertising. We do not knowingly handle the personal information of consumers under 16.

Categories collected: The only category of personal information touched by the extension is an internet identifier (your public IP address), and only when you explicitly enable "Sync with VPN." It is used for the single purpose described above and is not retained.

Your rights: You have the right to know what personal information is collected, the right to delete personal information, the right to correct inaccurate personal information, the right to opt out of sale or sharing (there is nothing to opt out of here), and the right not to receive discriminatory treatment for exercising these rights. Because no personal information is retained by the developer, these rights are effectively exercised by uninstalling the extension or disabling the feature. For any inquiry, contact support@geospoof.com.

GeoSpoof is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has used the extension in a way that caused personal information to reach a third-party service referenced above, please contact us at support@geospoof.com and we will take reasonable steps to assist.

Because the extension stores no personal data on any developer-operated server, there is no developer-side database that can be breached. In the unlikely event of a security issue affecting the extension itself (for example, a vulnerability in the extension code), we will publish an advisory on the project's GitHub page and release a patched version through the relevant browser stores. Where required by applicable law, we will notify affected users and the relevant data protection authority.

If this privacy policy changes, the updated version will be posted on this page and in the extension's repository. The "Last Updated" date at the top of this page will be revised accordingly. Continued use of the extension after changes are posted constitutes your acceptance of the updated policy.

For questions about this privacy policy, contact us at support@geospoof.com or open an issue on GitHub.