Plinth Grant Capture — Privacy Policy

Privacy policy for the Plinth Grant Capture Chrome extension: what data it handles, how it's used, and the permissions it requests.

Who we are

Plinth Grant Capture ("the extension") is a Chrome extension published by Time To Spare Ltd, trading as Plinth ("we", "us", "our"), Space 4, 113-115 Fonthill Road, London, N4 3HH. It is a companion to the Plinth web application (app.plinth.org.uk). Questions: support@plinth.org.uk.

What the extension does (single purpose)

The extension has a single purpose: when you are signed in and viewing a grant application in a funding portal, it lets you capture that application — its field values and file attachments — and import it into your Plinth account. It only reads or acts on a page when you ask it to.

What data the extension handles

Grant-application content — only when you start a capture

When you click Capture application (or Capture all), the extension reads the content of the grant-application page you are viewing: the application's field values, visible text, links, and downloadable file attachments. To capture a multi-page application it may open the application's related pages in hidden background tabs and read those too.

Depending on what the portal displays, this content can include personal data about applicants and third parties (such as names, contact details, and financial or organisational information). This content is sent to the Plinth API so it can be extracted into structured fields and imported into the grant record you select.

  • File attachments are fetched and held only temporarily in the extension's background worker. The popup shows you only file metadata (name, type, size) for review; the file contents are uploaded to Plinth only when you click Send.
  • The extension does not read page content in the background or on pages where you have not started a capture. To decide whether to offer "Capture all applications", it inspects the current tab's address and layout locally when you open the popup; that check is not stored or transmitted.

Account and authentication data

You sign in with your existing Plinth account — email and password, Google sign-in, and/or two-factor authentication — via Firebase Authentication. We process your email address and authentication tokens to sign you in and to authorise API requests. If you choose Google sign-in, Google returns your basic profile (email, name) to authenticate you. Session tokens are stored locally in the extension's own storage (at the chrome-extension:// origin), which web pages cannot read.

Local caches on your device

To work faster and avoid repeat processing, the extension stores on your device, via Chrome's extension storage: learned per-portal field and download selectors, field-mapping caches, and a short record of applications imported during the current session (used to warn you about duplicates). This data stays on your device.

How we use the data

We use the data solely to provide and improve the extension's single purpose — capturing grant applications and importing them into your Plinth account — and to authenticate you. We do not use it for advertising, profiling, or any unrelated purpose.

Who we share data with

  • Plinth (Time To Spare Ltd). Captured application content and files are sent to the Plinth API to extract and import them into your account — the same service that already holds your Plinth data.
  • Google. Used for authentication (Firebase Authentication / Google sign-in) only. Google's handling of sign-in data is governed by Google's Privacy Policy.
  • No one else. We do not sell your data, and we do not share it with data brokers, advertising networks, or any other third party — except where required by law or to protect against fraud, abuse, or security threats.

Limited Use

The use of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.

In particular, our use of data obtained through the extension:

  • is limited to providing or improving the extension's single purpose;
  • is not transferred to third parties except as necessary to provide that purpose, to comply with applicable law, or to protect against fraud, abuse, or security threats;
  • is never used or transferred for personalised advertising, nor to determine creditworthiness or for lending purposes; and
  • is not read by humans except with your explicit consent, for security purposes (e.g. investigating abuse), or as required by law.

Data security and retention

Data in transit is protected with HTTPS/TLS. Captured file contents are held only transiently in the extension's background worker during a capture and are discarded when the capture is sent or reset, or when the worker stops. Authentication tokens are stored in the extension's origin storage on your device. Data you import into Plinth is retained and handled under Plinth's main privacy policy and your agreement with Plinth.

Permissions and why we request them

  • activeTab / scripting — to read and capture the grant-application page, only when you invoke the extension on it.
  • Host access, requested at the time of use — to capture an application fully (read its other pages and download its file attachments, which often live on a separate storage host), the extension needs access to the sites involved. Because it is designed to work on any grant portal, it asks for this access when you start a capture, not at install — so it requests nothing broad until you choose to use it, and you can decline (a single-page capture still works).
  • identity — Google sign-in.
  • storage — the local caches described above.
  • tabs — to open and capture an application's related views in background tabs.

Children

The extension is a professional tool for grant-makers and funders. It is not directed to children.

Your rights

To request access to, correction of, or deletion of your personal data, or for any privacy question, contact support@plinth.org.uk. Data held in your Plinth account is subject to the rights described in Plinth's main privacy policy.

Changes to this policy

We may update this policy from time to time. Material changes will be reflected by the "Last updated" date above and, where appropriate, announced in the product.