Reveal URLs — Privacy Policy
Last updated: 2026-07-02
Reveal URLs reveals the URL each link in your mail points to so you can spot phishing before you click. It comes in three forms: the browser extension (and Thunderbird add-on), the Outlook add-in and the Gmail add-on.
The short version
Reveal URLs sends nothing to us or to any third party. There is no analytics and no tracking, and we — the developers — receive none of your data. The browser extension and the Thunderbird add-on do all their work on your own device, transmitting nothing. The Outlook add-in analyses the message on your own device and sends no email or message data anywhere; its task-pane code (the HTML, JavaScript, CSS and icons) is, however, loaded from https://www.reveal-urls.eu over HTTPS — like opening any web page — so the host serving that code sees the request for it. The Gmail add-on is the one form that runs elsewhere: because Gmail add-ons run on Google's own servers, the open message is read and analysed there (by Google, who already hold your mail), never by us and never by anyone else.
What it accesses
To reveal and check links, Reveal URLs reads the visible text and the destination (href) of links in the message you're reading. How and where this happens depends on the form:
- Browser extension — reads only within the page you're viewing, in your browser as the page renders, plus the page's colours (to keep the revealed URL legible). It is never stored and never transmitted. The Thunderbird add-on works the same way on the rendered message.
- Outlook add-in — the task pane reads the body of the message you have open, through Outlook's add-in interface, and analyses it locally in the pane on your device. No email or message data is sent anywhere. The task pane's own code (HTML, JavaScript, CSS and icons) is loaded from https://www.reveal-urls.eu over HTTPS — as happens when you open any web page — so the host serving that code sees the request for it; your message content is not part of that request.
- Gmail add-on — when you open a message, Google runs the add-on on its own servers, where it reads and analyses just that one open message under a single narrow data permission and returns a card of findings. The message content is processed each time you open a message and is not retained by the add-on; nothing is shared with any third party.
What it stores
Only your own settings — never email content or browsing history. Where they are stored depends on the form:
- Browser extension — enabled/disabled, display mode, colours and font sizes, your ignore-list, and any sites you choose to add (their URL match pattern and message-body selector), saved via your browser's extension storage. If your browser's sync is on, your settings sync across your signed-in devices, handled by your browser vendor under their privacy policy — never sent to us; settings only. If sync is unavailable, settings stay local to the device. Removing the extension clears them.
- Outlook add-in — your ignore-list and mismatch-highlighting choice, saved in Outlook's per-user roaming settings, which roam with your Outlook account; never sent to us.
- Gmail add-on — your per-user settings, saved in Google's per-user properties for the add-on (needing no extra permission); never sent to us.
What it does NOT do
- It does not collect, sell, or share any personal data.
- It does not send your email, link data, or browsing history to us or to any third party.
- It does not retain message content: the Gmail add-on processes each message only as you open it.
- It contains no analytics, telemetry, advertising, or trackers.
- It runs no dynamically-fetched or
eval'd code; the detection logic ships bundled in each form. (The Outlook task pane is the add-in's own static bundle, loaded from https://www.reveal-urls.eu over HTTPS like any web page, and uses Microsoft's Office.js runtime; the Gmail add-on runs on Google's Apps Script using CardService — the standard platform runtimes.)
Permissions
Browser extension (and Thunderbird add-on)
storage— to save your settings.- Access to your webmail site(s) — Gmail, Outlook and Proton by default, plus any site you explicitly add and grant — so it can annotate links in the messages you read. Additional sites are only ever accessed after you grant permission to that specific site.
scripting— to run the link-revealing code on those sites.- (Thunderbird only)
messagesRead— to annotate links in the message you're reading.
Outlook add-in
- Read access to the message you have open (Outlook's
ReadItempermission) — so the task pane can read its links and check them on your device. No email or message data is sent anywhere; the task pane's own code is loaded from https://www.reveal-urls.eu over HTTPS, as happens when you open any web page.
Gmail add-on
- The only permission that touches your data is to read the message you currently have open (
https://www.googleapis.com/auth/gmail.addons.current.message.readonly) — so Google's servers can read that one message, check its links and return the findings. It asks for nothing more here: it cannot read your other mail, send mail, or change anything. - It also requests the standard permission to run as a Gmail add-on (
https://www.googleapis.com/auth/gmail.addons.execute) — this is required for any add-on to run in Gmail and grants no access to your mail or data.
Gmail add-on: how it handles your Google user data
This section documents, for Google's review, exactly how the Gmail add-on accesses, uses, stores, shares, protects, retains and deletes Google user data.
Data accessed. The add-on reads only the body of the single email message you currently have open, under one narrow scope, https://www.googleapis.com/auth/gmail.addons.current.message.readonly. It also holds https://www.googleapis.com/auth/gmail.addons.execute, the standard scope that lets an add-on run in Gmail; that scope grants no access to your data. The add-on cannot read your other messages, and does not access subjects, headers, sender or recipient addresses, attachments, labels, or any Google account profile data.
Data usage. The message body is used for one purpose only: to find the links in it, compare each link's visible text against its real destination, and show you a card highlighting mismatches so you can spot phishing. All of this runs on Google's own Apps Script servers when you open the message. The add-on makes no external network requests and sends the message content nowhere.
Data sharing. None. Google user data is never sold, and never shared with or transferred to any third party. The developer receives none of it. There are no analytics, advertising, or tracking components.
Data storage & protection. Message content is processed transiently in memory during the request and is never written to durable storage by the add-on. The only data the add-on stores is your own settings, saved as a small JSON configuration object in Google's per-user Apps Script UserProperties. In the Gmail add-on you can edit your ignore-list and the mismatch-highlighting toggle; the object also carries display-preference fields shared with the browser extension (kept at their defaults unless changed), and never any email content. It is held within Google's infrastructure and protected by Google's platform security (encrypted in transit and at rest), scoped to your account, and never leaves Google. No data is stored on any developer or third-party server.
Data retention & deletion. The add-on retains no message content: each message is processed only for as long as it takes to build the card when you open it. The only data that persists is your settings object, and only until you delete it. You can delete it yourself at any time from the add-on's settings using the Clear settings button, which removes everything the add-on has stored for you and returns it to defaults. For any question about your data, contact us (see Contact below).
Limited Use. Reveal URLs' use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Contact
Questions about this policy: https://www.phpfreelance.co.uk/contact.html